Over 1mn WordPress users' data hacked, GoDaddy says; phishing attacks feared
The web hosting company GoDaddy Inc reported on Monday that active as well as inactive email addresses of up to 1.3 million WordPress accounts were exposed in an unauthorized third-party. Now, there are widespread fears of phishing attacks being launched on those WordPress users whose data was breached. An unauthorised third party got access to the provisioning system in GoDaddy's legacy code base for Managed WordPress by using a compromised password. The company mentioned in the blogpost that they discovered the incident on November 17.
“We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement,” Demetrius Comes, the Chief Information Security Officer of GoDaddy said in the blog post.
After identifying the incident, the web hosting company immediately blocked the unauthorised third party from the system and the investigation is going on. However, a GoDaddy blog post revealed that from the beginning on September 6, 2021, the unauthorized third party used the vulnerability to gain access to up to 1.2 million WordPress customers with their email address and contact numbers. The exposure of email addresses hints towards the risk of phishing attacks.
What action did GoDaddy take against the data breach?
In addition to the email addresses and mobile numbers, the original WordPress Admin passwords that used to be set at the time of provisioning were exposed. The chief Information Security Officer informed that if those credentials were still in use then GoDaddy reset those passwords.
Similarly, the sFTP and database usernames and passwords of active customers were exposed, whose passwords are not reset. Additionally, the SSL key was exposed for a subset of active customers, in regard to that company mentioned that, "We are in the process of issuing and installing new certificates for those customers."
The blog post further stated that the investigation is still going on and GoDaddy is directly contacting all the impacted customers with specific details. The company also asked that if customers want to contact via mentioned phone numbers on the website based on their country or can visit the help center at https://www.godaddy.com/help.
“We (GoDaddy) will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection,” the company said in the statement.