On 17 November 2021, domain registrar GoDaddy discovered unauthorised third-party access to its Managed WordPress hosting environment. The attacker used a compromised password to access the provisioning system in GoDaddy’s legacy code for Managed WordPress. The breach was discovered by Wordfence, a third-party security plugin for WordPress, and GoDaddy immediately blocked the account upon discovery. However, the attack had a large impact on the company.
Customers Affected Worldwide
Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed, while for active customers, sFTP and database usernames and passwords were exposed.
The original WordPress admin password was exposed, and the SSL private key was also exposed for a subset of active customers.
Financial ramifications for GoDaddy
For GoDaddy, the financial implications were immediate, with shares in the company falling 1.6% after the incident was disclosed.
Robert Prigge, CEO of Jumio, said that this breach underlines the inherent weakness of relying on credentials to authenticate users. The breach was caused by unauthorized access via a compromised password, and it’s not enough to simply reset passwords and private keys. More secure alternatives should be addressed, such as multifactor/biometric authentication.
Demetrius Comes, GoDaddy’s CISO, announced that the incident began on 6 September, 2021. “We identified suspicious activity in our Managed WordPress hosting environment and immediately began our investigation with the help of an IT forensics firm and contacted law enforcement.”
Wordfence confirmed that at least six resellers of GoDaddy Managed WordPress were also affected by the breach: tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe. GoDaddy refuted this and stated that only a small number of reseller customers were affected.
This is not the first attack on GoDaddy, with this breach following three similar attacks in the past three years. GoDaddy has become an easy target for hackers, with millions of people relying on its business to manage their websites.
Author: Mahdi Kobeissi, Cyber Security Consultant