A data security breach at leading web hosting company, GoDaddy, has placed over a million WordPress users at risk.
In a filing with the U.S. Securities and Exchange Commission (SEC) on Monday, GoDaddy chief information security officer Demetrius Comes revealed that a third party had gained unauthorized access to the company's Managed WordPress hosting environment, TechRepublic reported.
After alerting authorities and enlisting an IT security forensics company to probe the breach, GoDaddy discovered that the third party had used a compromised password to get into the provisioning system in the company's code base for Managed WordPress.
GoDaddy Security Breach: Email Addresses, Numbers of 1.2 Million Customers Compromised
The intrusion compromised Managed WordPress user information, such as the e-mail addresses and numbers of 1.2 million active and inactive customers. It also exposed the original WordPress Admin passwords set for these accounts at the time of provisioning, which forced GoDaddy to reset them.
The breach also placed secure File Transfer Protocol (sFTP) and database usernames and passwords at risk, which also needed a reset. And, for a number of customers, their secure sockets layer (SSL) private keys were also cracked. GoDaddy announced it was setting up new SSL certificates for the affected users.
If you are a GoDaddy customer who chose to create and manage your own WordPress-developed sites or blogs under the Managed WordPress service, your data might have been compromised. In this setup, GoDaddy oversees basic administration tasks, which include installing and updating WordPress and backing up hosted sites. GoDaddy's provisioning system is used to keep the WordPress system backward-compatible.
GoDaddy immediately blocked the third party from its hosting environment after it discovered the breach, Comes noted. But the hacker was found to have been using the compromised password since early September, giving them two months to wreak havoc on GoDaddy's system before the breach was found out.
Despite the massive cybersecurity investments of the $3.3 billion web hosting company and Internet domain provider, a hacker managed to avoid detection for two months, Arctic Wolf chief technology officer Ian McShane said in the TechRepublic report. This points to the kind of sophistication cybercriminals are employing to breach large corporations.
McShane said the "mean time" to detecting breaches is "inflated" and does not "reflect the reality of a non-nation state attacker" that could possibly breach even the most fail-safe systems.
GoDaddy Promises Enhanced Protection for Managed WordPress Provisioning System
GoDaddy's investigation is ongoing, and it has reportedly notified affected customers with details about the breach. The company has since apologized for the incident and promised that it would learn from the attack. GoDaddy also emphasized that it is now enhancing the provisioning system with added layers of protection.
The effects of this breach are still unknown, given the millions of accounts that were compromised. In the two months during which the user information was under attack, hackers might have exploited the stolen data for fresh breaches.
Such a breach would seem to be a massive ransomware opportunity for hackers, given the huge number of accounts that were breached, McShane added in the TechRepublic report. He said that such breaches normally "devolve into ransomware and extortion sagas."