SIGN UP FOR OUR NEWSLETTER & PROMOTIONS!
Sale 20% OFF
ON YOUR NEXT PURCHASE
GoDaddy's data breach affected 1.2 million customers of the domain registrar and web hosting platform, exposing their Wordpress emails and passwords.
The latest data breach of the popular domain hosting platform marks the fifth cyberattack against GoDaddy since 2018, according to the report by Threat Post.
GoDaddy revealed the latest breach in its systems in a filing with the Securities and Exchange Commission or the SEC.
The chief information security officer or CISO of the web hosting firm, Demetrius Comes, revealed that an "unauthorized third party" infiltrated their system to access its WordPress hosting environment.
It is to note that hosting sites like GoDaddy include WordPress hosting, among its other services, such as servers, domain, and even VPS hosting.
The GoDaddy CISO further disclosed that it turns out that the breach began last Sept. 6, but the hackers continued to access their systems until GoDaddy discovered it on Nov. 17.
That said, GoDaddy admitted that it took them more than two months before knowing about any data breach inside its systems affecting millions of users.
Comes said in a post from the website of the domain hosting platform that after discovering the security breach their team began with their investigation.
To be precise, the firm is now working with an IT forensics team and law enforcement to carry out an investigation.
Comes further added that the "unauthorized third party" accessed the systems of the web hosting site by using a compromised password, giving the attackers a doorway to the legacy codebase of its Managed WordPress.
Although GoDaddy is still investigating the extent of the attack, there is now information about some of the potentially accessed information, such as the emails and the customer numbers of 1.2 million active and inactive customers.
On top of that, the data breach also exposed the usernames and passwords of active customers of the sFTP and database. However, it is to note that all these passwords have now been reset.
The hosting firm clarified that the investigation regarding its latest data breach is still ongoing.
That said, there might be more information in the coming days as the hosting site discovers more about the extent of the recent breach.
Meanwhile, GoDaddy said that it is currently getting in touch with the millions of customers who were affected by the hacking incident to talk about specific details about the attack.
Elsewhere, back on May 6, 2020, the domain hosting site, GoDaddy, also figured in another data breach, which exposed around 28,000 customers.