www.hostingjournalist.com - HostingJournalist.com
HostingJournalist.com V3.0 Has Been Launched. List Your Business and Start Publishing Today. Free 14 Day Trial. SHOW ME
  1. Home
  2. News
  3. GoDaddy Says Data Breach Exposes Up to 1.2 Million Client Accounts

GoDaddy Says Data Breach Exposes Up to 1.2 Million Client Accounts

CategoryManaged WordPress Hosting
ByHostingjournalist Team
PublishedNovember 23, 2021
TypeEditorial News

News Summary

Keysight Technologies (NYSE: KEYS), a company with revenues of $4.2 billion in fiscal year 2020 delivering cloud and network optimization technologies, has launched its new AresONE-S 400GE test system. The new solution enables network equipment manufacturers and data center operators to validate complex, mixed 400 gigabit Ethernet (GE) and lower-speed networks and devices.
Join HostingJournalist Insider Today
GoDaddy Says Data Breach Exposes Up to 1.2 Million Client Accounts

A data breach at web hosting company GoDaddy may have exposed the personal information of up to 1.2 million clients. After discovering unauthorized third-party access to GoDaddy’s Managed WordPress web hosting environment on November 17, the web hosting company immediately began an investigation with the help of an IT forensics firm and contacted law enforcement.

Email addresses and client numbers of current and inactive customers who utilized GoDaddy’s Managed WordPress web hosting service, a service for developing and maintaining WordPress websites, were among the personal information exposed. The exposure of these email addresses presents risk of phishing attacks.

Malicious Access to Provisioning System

Photo Demetrius Comes, CISO at GoDaddy “We will learn from this security incident and are already taking steps to strengthen our provisioning system with additional layers of protection,” said Demetrius Comes, CISO at GoDaddy.

It started as follows. An unauthorized third party exploited a vulnerability on September 6, 2021, to obtain access to client information via a hacked password. The unauthorized third party gained access to the provisioning system in GoDaddy’s Managed WordPress legacy code base by using this hacked password.

GoDaddy quickly barred the unauthorized third party from their systems after becoming aware of the situation.

The web hosting provider’s investigation is ongoing, says GoDaddy’s Chief Information Security Officer, Demetrius Comes. Impacted customers have been alerted directly with specific details, but clients are also encouraged to contact GoDaddy through their customer support center.

Some of the security measures GoDaddy has already taken include:

  • The original WordPress Admin password was revealed, which was set at the time of provisioning. GoDaddy has reset the passwords if such credentials were still in use
  • sFTP and database usernames and passwords were made public for active clients. Both passwords were reset by GoDaddy
  • The SSL private key was exposed for a subset of active clients. For such clients, GoDaddy is in the process of providing and installing fresh certificates
“We are sincerely sorry for this incident and the concern it causes for our customers,” said Demetrius Comes, Chief Information Security Officer at GoDaddy. “We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”

Chief Information Security Officer CISO Demetrius Comes godaddy GoDaddy data breach managed wordpress hosting web hosting
Previous Article
Next Article

More HostingJournalist News

Bluehost Unveils New Cloud-based Managed WordPress Hosting Platform November 23, 2021 | Managed WordPress Hosting
New Managed WordPress Hosting Unveiled by DigitalOcean November 23, 2021 | Managed WordPress Hosting
GoDaddy Enhances Managed WordPress with Zend PHP Support by Perforce November 23, 2021 | Managed WordPress Hosting

Follow HostingJournalist

Other Channels