GoDaddy, a domain name registrar and web hosting company, disclosed a data breach incident which exposed the data of 1.2 million customers.
A disclosure published by the company notified that in an incident discovered on November 17, 2021, an unauthorized third party had accessed the company’s Managed WordPress hosting environment. The unauthorized access was immediately blocked on detection, and a forensic investigation was initiated.
“Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress. Upon identifying this incident, we immediately blocked the unauthorized third party from our system. Our investigation is ongoing, but we have determined that beginning on September 6, 2021, the unauthorized third party used the vulnerability to gain access to our customer information,” stated, Demetrius Comes, Chief Information Security Officer, GoDaddy.
The notification shared the following customer information:
Interestingly, GoDaddy has a help page for “My website was hacked. What should I do?”, listing warnings and best practices to abide by.
The company also disclosed a breach last year, in May, and alerted some of its customers that an unauthorized party used their web hosting account credentials in October to connect to their hosting account via SSH.
GoDaddy’s security team discovered that incident after spotting an altered SSH file in GoDaddy’s hosting environment and suspicious activity on a subset of GoDaddy’s servers.
GoDaddy is one of the world’s largest domain registrars and a web hosting company providing services to more than 20 million customers worldwide.
In a blog post on krebsonsecurity.com, Brian Krebs blogged about how fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms and the attacks were facilitated by scams targeting employees at GoDaddy.
The post GoDaddy Discloses Security Breach; Data of 1.2 Mn WordPress Users Exposed appeared first on CISO MAG | Cyber Security Magazine.
Click to Open Code Editor