About

GoDaddy data breach leaks credentials of 1.2 million users

Private data of the Managed WordPress hosting users on GoDaddy has been compromised. Over 1.2 million users are impacted due to the recent data breach at GoDaddy. The breach seems to have been in operation for a little over two months, before GoDaddy acknowledged the security incident on 22nd November, 2021. The current impact of the leaked data breach affects GoDaddy’s managed WordPress hosting customers.

What is the impact of the GoDaddy data breach?

The impact of GoDaddy data breach is, currently, limited to managed WordPress hosting customers. However, investigation into the security incident is ongoing. It is unclear if the scope of the security incident goes beyond the managed WordPress hosting offering. Nearly 1.2 million customers on the managed WordPress hosting have been impacted in terms of:

  • the email address of managed WordPress hosting has been leaked.
  • the account number of managed WordPress hosting customers has also been compromised.
  • unauthorized access on the managed WordPress hosting platform has been detected as part of security incident and forensics.
  • WordPress admin logins, passwords, database login, database password and SSL keys are impacted and breached as part of the security incident.
  • the data breach has been ongoing since 6th September, 2021.

What action has GoDaddy taken?

On its part, GoDaddy has taken the following action:

  • GoDaddy has intimated the law enforcement agencies about the data breach. This is important, given the fact that there has been a surge in security incidents in the United States lately.
  • GoDaddy has forced a change of passwords for the managed WordPress hosting customers.
  • GoDaddy, seemingly, is in the middle of a full-blown security audit. The audit trail will reflect the actual scope, impact and affect of this data breach.

I am a GoDaddy customer. What should I do?

If you are a managed WordPress hosting customer of GoDaddy, you may take the following security recourse to protect your account:

  • change the GoDaddy account password.
  • reset the WordPress’s wp-admin login and passwords. We suggest that you should disable the current-in-user admin login. If you use the default admin login, please do reset its password as you may not be able to disable it. Create a new admin login to the WordPress website, that is altogether unrelated to the default admin login or pre-existing admin login.
  • reset the database login and password of your WordPress website. You may search online for instructions to reset the database username and password for WordPress websites.
  • re-generate the SSL keys, and re-deploy the SSL certificates through these SSL keys.

Understandably, some of these tasks may require you to seek outside help. Please do not desist from seeking help to get these issues resolved on your GoDaddy account.

If you are a non-WordPress hosting user on GoDaddy, you may not need to take any action as of the security incident details. If you are one of the more concerned GoDaddy customers, please feel free to reset your account’s password. That should keep your GoDaddy customer account in good standing and stead.

How did the data breach happen?

GoDaddy has released a statement – “Our investigation is ongoing and we are contacting all impacted customers directly with specific details,” says Demetrius Comes, chief information security officer of GoDaddy. “We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”

The data breach seems to have happened through a file that contained passwords of the managed WordPress hosting customers. The leaked credentials have led to compromise of the managed WordPress hosting customers. More details about the exact loophole are awaited.

What has been the timeline of the data breach at GoDaddy?

GoDaddy has released the following details pertaining to the security incident involving data breach of the managed WordPress hosting customers:

  • security trail shows the security incident trail going back to 6th September.
  • GoDaddy detected the breach on 17th November
  • GoDaddy released a statement acknowledging the security incident on Monday, 22nd November, 2021.

Since the security is under investigation, these details may further change in the near term.