GoDaddy breach exposes 1.2 million customer accounts

News
By published

An unauthorized third party recently accessed GoDaddy's managed WordPress hosting environment

Data Breach
(Image credit: Shutterstock)

The domain registrar and web hosting company GoDaddy has revealed that it suffered a data breach in which the user data of 1.2m of its customers may have been accessed.

In a filing with with Securities and Exchange Commission (SEC), the company's chief information security officer Demetrius Comes explained that an “unauthorized third party” had gained access to its managed WordPress hosting environment.

For those unfamiliar, WordPress is a content management system (CMS) used by millions of site owners worldwide to set up blogs and websites and like other hosting providers, GoDaddy offers WordPress hosting in addition to shared hosting, VPS hosting, dedicated servers and more.

According to GoDaddy, the unauthorized person gained access to its systems around September 6 by using a compromised password. However, it wasn't until last week on November 17 that the company discovered the breach.

Compromised user accounts

GoDaddy's SEC filing says that the breach affects 1.2m active and inactive managed WordPress users who had their email addresses as well as their customer numbers exposed.

The company also said that the original WordPress admin password, which was created when WordPress was first installed was also exposed. With this password in hand, an attacker can access a customer's WordPress server.

GoDaddy also revealed that active customers had their sFTP credentials and the usernames and passwords for their WordPress databases, that are used to store all of their content, exposed in the breach. However, in some cases, customer's SSL private keys were exposed and if abused, this key could allow an attacker to impersonate a customer's website or other services. While GoDaddy has reset customer WordPress passwords and private keys, it is currently in the process of issuing them new SSL certificates.

We'll likely hear more regarding the details of this data breach after GoDaddy finishes conducting a full investigation into the matter.

We've also featured the best data loss prevention services and best database software

Via TechCrunch

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
GoDaddy logo
GoDaddy told to up security practices by FTC
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
Thousands of WordPress websites hit in new malware attack, here's what we know
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
Major breach hits employee screening firm - 3.3 million affected as hackers steal DISA data
GrubHub app on a mobile phone
GrubHub reveals massive data breach - customers, drivers, businesses all affected, here's what we know
Suitcase next to a bed in a hotel
Millions of hotel users see personal info checked out in huge data leak
Avast cybersecurity
Zapier tells customers their data may have been accessed
Latest in Security
An American flag flying outside the US Capitol building against a blue sky
Sean Plankey selected as CISA director by President Trump
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
Nation-state threats are targeting UK AI research
Scam alert
Fake jobs and phone calls: How Americans lost $12.5 bn to fraud in 2024
Application Security Testing Concept with Digital Magnifying Glass Scanning Applications to Detect Vulnerabilities - AST - Process of Making Apps Resistant to Security Threats - 3D Illustration
Google bug bounty payments hit nearly $12 million in 2024
Scam alert
A new SMS energy scam is using Elon Musk’s face to steal your money
Representational image of a cybercriminal
Allstate sued for exposing personal customer information in plaintext
Latest in News
Project Moohan prototype at Samsung Galaxy Unpacked, an XR goggles headset on display in a show area
Samsung's Android XR headset could avoid the Apple Vision Pro's biggest mistake, according to this leak
Rivian R1T
Big Rivian update delivers hands-off driving to rival Tesla Autopilot – and a new 'Rally' mode
Google Pixel 9 in Wintergreen showing back camera bar
The Google Pixel 10 could get a big camera boost if this new leak is legit
The Samsung Galaxy S25 Edge, close up on the dual camera system, against a marbled background
The Samsung Galaxy S25 Edge is being tipped to come with a sweet Google Gemini deal
Diego Luna looks questioningly at the back of someone's head as Cassian Andor in the show Andor
Disney+ is making Andor free to stream on YouTube, and now you have no excuse not to watch the best Star Wars show
Matt Murdock and Kirsten McDuffie standing in a court room in Daredevil: Born Again
Daredevil: Born Again episode 3 contains another Marvel reference to Spider-Man, but it's got nothing to do with Tom Holland's Peter Parker
More about security
Dr Chase Cunningham speaking at ZTW25

The grand delusion: endpoint protection isn’t the magic pill, says Dr Zero Trust
An American flag flying outside the US Capitol building against a blue sky

Sean Plankey selected as CISA director by President Trump
Google Pixel 9 in Wintergreen showing back camera bar

The Google Pixel 10 could get a big camera boost if this new leak is legit
See more latest
Most Popular
Google Pixel 9 in Wintergreen showing back camera bar
The Google Pixel 10 could get a big camera boost if this new leak is legit
Group of businesspeople negotiating gathered in modern conference room, blurred silhouettes view, meeting behind closed glass doors. Business communication, workflow, decision-making, strategy sharing
Many workers aren't sure how much their companies are set up to help them be productive
Diego Luna looks questioningly at the back of someone's head as Cassian Andor in the show Andor
Disney+ is making Andor free to stream on YouTube, and now you have no excuse not to watch the best Star Wars show
Project Moohan prototype at Samsung Galaxy Unpacked, an XR goggles headset on display in a show area
Samsung's Android XR headset could avoid the Apple Vision Pro's biggest mistake, according to this leak
Canva
It's just a concept for now, but this RTX 5090 liquid-cooled gaming laptop is possibly the craziest thing I've seen in a while
Rivian R1T
Big Rivian update delivers hands-off driving to rival Tesla Autopilot – and a new 'Rally' mode
Matt Murdock and Kirsten McDuffie standing in a court room in Daredevil: Born Again
Daredevil: Born Again episode 3 contains another Marvel reference to Spider-Man, but it's got nothing to do with Tom Holland's Peter Parker
The Samsung Galaxy S25 Edge, close up on the dual camera system, against a marbled background
The Samsung Galaxy S25 Edge is being tipped to come with a sweet Google Gemini deal
iRobot Roomba Combo 405 Plus
7 of my favorite upgrades in the all-new Roomba robovacs – plus 2 I'm worried about
Person holding phone showing O2 logo in front of Virgin Media logo
Virgin Media O2 reveals £700m network transformation plan to boost reliability across the board