Hosting company GoDaddy has said that around 1.2 million users have been affected by a data breach on its managed WordPress hosting service.
The hack is said to have exposed email addresses, customer numbers, administrative login credentials, and in some cases SSL private keys.
The hosting company discovered that an intruder had gained access to its managed WordPress hosting environment on Nov 17, it said in a filing with the SEC. The intruder used a stolen password to access the provisioning system for the service.
Up to 1.2 million active and former users of the company's managed service had their email addresses and customer numbers exposed, the company said, raising the possibility of further phishing attacks to come. The original administrative passwords for the managed WordPress accounts were also available to the hacker, putting the accounts themselves at risk if the credentials were still in use.
Also exposed were sFTP and database usernames and passwords, and an undisclosed number of users also had their SSL private keys exposed.
RELATED RESOURCE
Protecting every edge to make hackers’ jobs harder, not yours
How to support and secure hybrid architectures
GoDaddy discovered that the intruder had been inside the system since September 6, meaning that the hacker has had access to the data for over two months. It worked with a forensics company upon discovering the incident, and has taken steps to safeguard its systems, including changing original administrative passwords that were still in use, resetting sFTP and database passwords, and installing new digital certificates for affected customers.
"We are sincerely sorry for this incident and the concern it causes for our customers," the company said in its filing. "We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection."
In 2017, the company revoked thousands of SSL certificates after issuing them without proper checks and authorization. In January 2019, an independent researcher found a vulnerability in its process for handling DNS change requests that enabled hackers to hijack domains and create phishing campaigns. It also notified customers of a hack that exposed SSH login details in the same year.
-
Redis unveils new tools for developers working on AI applicationsNews Redis has announced new tools aimed at making it easier for AI developers to build applications and optimize large language model (LLM) outputs.
-
Google layoffs continueNews The tech giant's efficiency drive enters a third year with devices teams the latest target
-
Leaked Nvidia certificates used to sign malware bypassing Windows detectionNews Windows admins are advised to implement custom policies to avoid seemingly legitimate malware making its way into corporate environments
-
Why is SSL under attack?In-depth Don't get sidetracked by a storm in the SSL teacup, warns Davey Winder...
-
Facebook warns of new Superfish threatNews The fake security certificate used by the Lenovo-installed adware can be re-used by hackers, says social network
-
OS X Mavericks update to fix major security flaw in MacsNews Apple follows iOS 7 update with Mac OS X Mavericks patch to address encryption issues.
-
Who to trust after the VeriSign hack?In-depth Davey Winder questions what data was stolen from VeriSign and wonders why the company hasn't been more forthcoming.
-
SSL under threat as flaw exploitedNews Fears over the security credentials of SSL rise after researchers claim to have found a way to exploit a long-known vulnerability.
-
MI6 targeted in DigiNotar hackNews MI6, the CIA and Facebook were all targeted following a hack on certificate authority DigiNotar.
-
Major SSL encryption flaw hits the web
News Tech companies using SSL have some serious work to do to fix a big hole that could leave internet users at risk.
