1.2 million of GoDaddy’s customers trapped in the phishing attack

GoDaddy has warned its users that this exposure can put them at greater risk of phishing attacks

GoDaddy has warned its users that this exposure can put them at greater risk of phishing attacks
GoDaddy has warned its users that this exposure can put them at greater risk of phishing attacks

GoDaddy says nearly 1.2 mn of its WordPress websites breached

The New York-based internet domain and web hosting company, GoDaddy revealed that almost 1.2 million of its customers’ accounts were exposed in a recent hack. It also announced that many numbers of users are at risk of phishing attacks.

GoDaddy has filed an incident report with the Securities and Exchange Commission (SEC) on Monday, stating it had identified ‘suspicious activity’ in its managed WordPress hosting environment.

According to the report filed by GoDaddy, the attacker initially gained access via a compromised password on September 6, 2021, and was discovered on November 17, 2021, at which point their access was revoked.

While the company took immediate action to mitigate the damage, the attacker had more than two months to establish persistence, so anyone currently using GoDaddy’s managed WordPress product should assume compromise until they can confirm that is not the case.

In a blog post, GoDaddy’s Chief Information Security Officer (CISO) Demetrius Comes said that they’ve discovered unauthorized access to its managed WordPress servers.

“Up to 1.2 million active and inactive managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents the risk of phishing attacks,” Comes said late on Monday.

On November 17, the company discovered unauthorized third-party access to our managed WordPress hosting environment.

“We identified suspicious activity in our managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement. Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for managed WordPress,” the company explained.

GoDaddy has warned users that this exposure can put them at greater risk of phishing attacks.

The investigation is ongoing, but “we have determined that beginning on September 6, 2021, the unauthorized third party used the vulnerability to gain access to the following customer information“, the company informed.

The original WordPress Admin password that was set at the time of provisioning was also exposed.

“If those credentials were still in use, we reset those passwords. For active customers, sFTP and database usernames and passwords were exposed. We reset both passwords,” said GoDaddy.

“We are sincerely sorry for this incident and the concern it causes for our customers. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection,” said Comes.

[With Inputs from IANS]

PGurus is now on Telegram. Click here to join our channel and stay updated with all the latest news and views

For all the latest updates, download PGurus App.

1 COMMENT

  1. Has PGURUS forgotten about Vijaya Mallaya & Nirav Modi case follow-up….. is it over or need to wait for another election time for the news to return on to the media just for votes…?

LEAVE A REPLY

Please enter your comment!
Please enter your name here