Unfortunately, GoDaddy was a little late in putting measures in place to curb the incident. The company told the SEC that it determined hackers first breached their systems on September 6, 2021, but that it didn’t take measures to block the hackers until November 17.
What happened
Demetrius Comes, GoDaddy’s Chief Information Security Officer, said the hack was pretty straightforward. Using a compromised password, the hackers accessed the provisioning system in GoDaddy’s code base for Managed WordPress. Managed WordPress hosting is something GoDaddy offers its clients -- sort of a jack of all trades platform where all the technical aspects of running a website are handled by GoDaddy, freeing the website owner from having to take care of those things.
When the company first spotted the hack, it immediately began an investigation with the assistance of an IT forensics firm. Comes said GoDaddy also contacted law enforcement.
“Upon identifying this incident, we immediately blocked the unauthorized third party from our system. … Our investigation is ongoing,” Comes said. As to what the hackers had access to, he offered the following:
Up to 1.2 million active and inactive Managed WordPress customers had their email addresses and customer numbers exposed. The exposure of email addresses is serious because it presents a risk of phishing attacks.
The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, GoDaddy reset those passwords.
For active customers, FTP and database usernames and passwords were exposed. GoDaddy says it reset both passwords.
For a subset of active customers, the SSL private key was exposed. Comes said the company is in the process of issuing and installing new certificates for those customers.
Are you a GoDaddy customer?
Comes said the company is in the process of contacting everyone who was impacted directly by the hack. However, he stated that customers can also contact GoDaddy via its help center.
“We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down,” Comes said in closing. “We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”