Wednesday, 24 November 2021 11:33

GoDaddy Security breach exposes 1 million email accounts

Photo: REUTERS/Brendan McDermid/File Photo

Users of the web hosting service GoDaddy had their accounts compromised for months before learning about the breach. The attackers were also able to compromise websites’ security certificates.

Hackers targeting GoDaddy were able to access some 1.2 million email addresses belonging to customers of the domain registrar who used its WordPress web hosting, according to a US Securities and Exchange Commission (SEC) disclosure filed on Monday.

The hackers allegedly accessed a “provisioning system” within WordPress by “using a compromised password” associated with the content management system on September 6, interference that wasn’t noticed until two months later.

Upon discovering the breach on November 17, GoDaddy “immediately locked the attacker out,” the web hosting company claimed in the filing, explaining that it subsequently embarked on its own investigation and contacted law enforcement and an unspecified “IT forensics firm.”

“We are sincerely sorry for this incident and the concern it causes for our customers,” chief information security officer Demetrius Comes wrote. “We, GoDaddy leadership and employees, take our responsibility to protect customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”

Hackers prowling through the data left accessible to anyone with that compromised password were able to view not just the original WordPress admin passwords, but customers’ private SSL keys, the secrets behind the SSL certificates that browsers signal with the miniature padlock icon used to reassure customers they are operating over a secure connection if they are shopping online, for example.

Comes pledged that the company had reset its main passcodes and was in the process of issuing and installing new SSL certificates, a thorny process given that website owners are often warned against submitting personal information in response to inquiries from their hosting platforms, lest the inquiry turn out to be a phishing attack.

GoDaddy acknowledged the latter in another SEC filing, complaining of an “increased level” of “social engineering efforts” targeting the company, some of which were apparently successful.


Last modified on Friday, 17 December 2021 21:22
