GoDaddy data breach exposed over a million customer accounts

Shawn Knight

Posts: 13,774   +141
Staff member
What just happened? GoDaddy in a new filing with the US Securities and Exchange Commission revealed it recently discovered unauthorized access to its managed WordPress hosting environment, resulting in the exposure of account data belonging to as many as 1.2 million customers.

The Internet domain registrar and web hosting provider said the discovery was made on November 17, 2021, at which time they immediately began an investigation with the help of an IT forensics firm, and reached out to law enforcement.

The team learned that a compromised password was used to access the provisioning system in its legacy code base for managed WordPress starting on September 6. The attacker was able to gain access to the customer number and email address for up to 1.2 million active and inactive managed WordPress accounts. In the wrong hands, it could put customers at greater risk of phishing attacks, GoDaddy said.

GoDaddy further noted that sFTP and database usernames and passwords for active customers were also exposed, but have since been reset. A subset of active customers also had their SSL private key exposed. GoDaddy said it is in the process of issuing and installing new certificates for these customers.

GoDaddy has dealt with a number of issues in recent years. Back in early 2019, it was discovered that the company was injecting JavaScript into select customers’ websites without their consent. Later that same year, scammers managed to compromise hundreds of GoDaddy accounts to pedal snake oil products and more.

Share value in GoDaddy stock is down nearly five percent on the day, trading at $67.89 as of this writing.

Permalink to story.



Posts: 87   +69
Godaddy is a extreme limited webhosting company. Ive had to deal with it quite some times, in relation of support and moving clients over because the limitations imposed by godaddy, well. Work long enough with it and youll understand.

This is a very bad hack tho. 1.2 million clients pretty much exposed.


Posts: 616   +992
Every company has breaches, so all these narrow-minded attacks on GoDaddy in this case are unjustified. There's no such thing as 100% security, especially when humans are involved, I.e. all companies.