Data of 1.2M customers stolen in GoDaddy's latest data breach

The data of up to 1.2 million GoDaddy Inc. customers who use the company’s managed WordPress hosting have been stolen in the latest data breach to involve the web hosting and domain registration provider.

The latest security incident involving the high-profile company was only disclosed via a U.S. Securities and Exchange Commission filing that was published today. GoDaddy claims it only became aware of what it describes as a “security incident” on Nov. 17, but it dates back to Sept. 6. The exact form of the hack was not disclosed but is described as involving an “unauthorized third party” using a vulnerability to gain access to customer information.

The information stolen included the emails and customer numbers of active and inactive Managed WordPress GoDaddy customers. Original WordPress administrator passwords were also stolen, along with Secure File Transfer Protocol and database usernames and passwords. For a subset of customers, the SSL private key was also stolen.

GoDaddy says it’s “sincerely sorry for the incident and the concern it causes for our customers.” However, it has suffered multiple significant data breaches dating back to October 2019. In May 2020 it was disclosed that 28,000 GoDaddy customers were affected by a data breach. In November 2020, a GoDaddy employee was tricked into handing over control of cryptocurrency domains. The data of GoDaddy customers was also exposed via an Amazon Web Services Inc. S3 storage bucket in August 2018.

“This breach underlines the inherent weakness of relying on credentials to authenticate users, as it was caused by unauthorized access via a compromised password,” Robert Prigge, chief executive officer of identity verification company Jumio Corp., told SiliconANGLE. “With user email addresses, credentials for WordPress databases and SSL private keys exposed in this breach, cybercriminals have everything they need to conduct phishing attacks or impersonate customers’ services and websites.”

Nick Tausek, security solutions architect at security automation company Swimlane Inc., noted that because of its history with cybersecurity incidents, GoDaddy has become an easy target.

“It operates 35,000 servers hosting more than 5 million websites, with millions of people relying on its services for the day-to-day operations of their businesses and hobbies,” Tausek explained. “Because of the level of user dependency, repercussions can be severe when a situation like this presents itself.”

Jim Taylor, chief product officer at identity platform provider SecurID, owned by RSA Security LLC, said that the breach puts GoDaddy users and its employees and clients at greater risk of phishing attacks, account takeovers and brand impersonation. “Ultimately the breach means that GoDaddy’s users should put even greater emphasis on authentication and verify a user is whom they claim to be,” he said.

Photo: GoDaddy/Wikimedia Commons