In a huge data breach, global web hosting platform GoDaddy has revealed that nearly 1.2 million of its WordPress customers' sensitive information has been compromised.
In a blog post, GoDaddy's Chief Information Security Officer (CISO) Demetrius Comes said that they've discovered unauthorised access to its managed WordPress servers.
"Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents risk of phishing attacks," Comes said late on Monday.
What is GoDaddy?
· GoDaddy Inc. is an American publicly traded Internet domain registrar and web hosting company headquartered in Tempe, Arizona and incorporated in Delaware.
· As of June 2020, GoDaddy has more than 20 million customers and over 7,000 employees worldwide. The company is known for its advertising on TV and in the newspapers.
· Founded in 1997, GoDaddy today offers tools for building professional websites. They are arguably the world’s most popular domain registrar and web hosting company.
· GoDaddy supports popular payment gateways, like PayPal, Stripe, and Square. It does not charge any transaction fee. You can try out their service for 30 days. Following which, you will need to pay $24.99.
What happened?
· Web hosting giant GoDaddy has reported a data breach and warns that data on 1.2 million customers may have been accessed.
· GoDaddy said the unauthorized person used a compromised password to get access to GoDaddy’s systems around September 6. GoDaddy said it discovered the breach last week on November 17. It’s not clear if the compromised password was protected with two-factor authentication.
· The company, whose shares fell about 1.6% on Monday, said it had immediately blocked the unauthorised third party, and an investigation was still going on.
· The company is contacting each of the affected user individually and resetting their private keys. It is also in the process of issuing new SSL certificates.
Also read: 1.2 mn WordPress websites breached, says GoDaddy
How can this breach affect its users?
Till now, there’s no report of an incident taking advantage of this breach. Users need to worry that attackers can use SSL credentials to mimic domains that are owned by business houses. Moreover, keys can be used to hijack domain names and blackmail companies.