GoDaddy data breach exposes more than 1.2m customers’ details

Attacker had access to admin passwords for over two months

23 November 2021

Hosting company GoDaddy has said that around 1.2 million users have been affected by a data breach on its managed WordPress hosting service.

The hack is said to have exposed e-mail addresses, customer numbers, administrative login credentials, and in some cases SSL private keys.

The hosting company discovered on 17 November that an intruder had gained access to its managed WordPress hosting environment, it said in a filing with the SEC. The intruder used a stolen password to access the provisioning system for the service.




Up to 1.2 million active and former users of the company’s managed service had their e-mail addresses and customer numbers exposed, the company said, raising the possibility of further phishing attacks to come. The original administrative passwords for the managed WordPress accounts were also available to the hacker, putting the accounts themselves at risk if the credentials were still in use.

Also exposed were sFTP and database usernames and passwords, and an undisclosed number of users also had their SSL private keys exposed.

GoDaddy discovered that the intruder had been inside the system since 6 September, meaning that the hacker had access to the data for more than two months. The company worked with a forensics company upon discovering the incident, and has taken steps to safeguard its systems, including changing original administrative passwords that were still in use, resetting sFTP and database passwords, and installing new digital certificates for affected customers.

“We are sincerely sorry for this incident and the concern it causes for our customers,” the company said in its filing. “We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”

In 2017, the company revoked thousands of SSL certificates after issuing them without proper checks and authorisation. In January 2019, an independent researcher found a vulnerability in its process for handling DNS change requests that enabled hackers to hijack domains and create phishing campaigns. It also notified customers of a hack that exposed SSH login details in the same year.

Future Publishing
