
In a huge data breach, global web hosting platform GoDaddy has revealed that nearly 1.2 million of its WordPress customers' sensitive information has been compromised.
In a blog post, GoDaddy's Chief Information Security Officer (CISO) Demetrius Comes said that the company had discovered unauthorised access to its managed WordPress servers.
"Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents risk of phishing attacks," Comes said late on Monday.
What is GoDaddy?
· GoDaddy Inc. is an American publicly traded Internet domain registrar and web hosting company headquartered in Tempe, Arizona and incorporated in Delaware.
· As of June 2020, GoDaddy has more than 20 million customers and over 7,000 employees worldwide. The company is known for its advertising on TV and in the newspapers.
· Founded in 1997, GoDaddy today offers tools for building professional websites. They are arguably the world’s most popular domain registrar and web hosting company.
· GoDaddy supports popular payment gateways, like PayPal, Stripe, and Square. It does not charge any transaction fee. You can try out their service for 30 days, after which you will need to pay $24.99.
What happened?
· Web hosting giant GoDaddy has reported a data breach and warns that data on 1.2 million customers may have been accessed.
· GoDaddy said the unauthorized person used a compromised password to get access to GoDaddy’s systems around September 6. GoDaddy said it discovered the breach last week on November 17. It’s not clear if the compromised password was protected with two-factor authentication.
· The company, whose shares fell about 1.6% on Monday, said it had immediately blocked the unauthorised third party, and an investigation was still going on.
· The company is contacting each of the affected users individually and resetting their private keys. It is also in the process of issuing new SSL certificates.
How can this breach affect its users?
So far, there is no report of an incident taking advantage of this breach. Users need to worry that attackers can use SSL credentials to mimic domains that are owned by business houses. Moreover, keys can be used to hijack domain names and blackmail companies.