GoDaddy Suffers Data Breach Affecting 1.2 Million Customers

GoDaddy, one of the largest domain registrars, has reported a new data breach that put the information of 1.2 million customers in the hands of a bad actor.

The domain registration company, which is also publicly traded, reported the data breach in an official filing submitted to the U.S. Securities and Exchange Commission on November 22.

GoDaddy published a news post alongside its SEC filing, informing the public that the company's servers had been breached by an "unauthorized third party". The unpleasant detail is the timeline: the company determined that the breach took place in early September 2021, but GoDaddy only became aware of the incident in the first half of November. This means whoever gained unauthorized access also maintained that access for roughly two months before being detected.

The part of GoDaddy's infrastructure that was compromised in the breach was the company's Managed WordPress hosting environment. In essence, the managed environment allows customers to run a WordPress website without having to deal with any advanced or complex configuration, updates, or maintenance of the underlying platform, with all of those tasks handled by GoDaddy's service.

According to the company, the hackers who breached the Managed WordPress environment gained access using a compromised password.

The data obtained by the hackers varies from customer to customer, but it includes the email addresses and client numbers of 1.2 million customers, corresponding to both active and inactive accounts. Data accessed illegally in the breach also includes sFTP and database usernames and passwords; GoDaddy has already reset all affected passwords and notified the customers concerned. SSL private keys were also accessed.

The total number of customers affected in some form by the breach is at least 1.2 million.

Going over the details of the breach, security experts outlined several unpleasant scenarios for what the bad actors could do with the stolen database records. Even the least severe scenarios are troubling: experts mentioned the possibility of hackers hijacking domains and then attempting to sell them back to their legitimate owners.

The darkest possibilities are what researchers called "extinction-level events": redirecting visitors of compromised sites to spoofed pages on malicious servers, which could be used to spread malware or to harvest login credentials and card details from unsuspecting visitors.