NEW DELHI: GoDaddy, a domain registrar, has revealed details of a significant security breach that exposed the personal information of 1.2 million clients.
Demetrius Comes, GoDaddy’s Chief Information Security Officer, detailed the intrusion in a filing with the US Securities and Exchange Commission. On Nov. 17, suspicious activity was noticed in the company’s Managed WordPress hosting environment, which turned out to be a third party that had gained access using a compromised password.
The email addresses and customer numbers of up to 1.2 million active and inactive Managed WordPress customers were exposed. The third party also had access to these accounts’ WordPress Admin passwords, as well as the active customers’ sFTP database username and password. The SSL private key was also exposed for a “subset of active customers.”
GoDaddy is working with an IT forensics firm to investigate the incident, and law enforcement is also involved. Passwords for WordPress accounts and database access have already been reset, and impacted customers have received new SSL certificates.
Although the corporation acknowledges that the exposure of email addresses leaves users open to phishing attacks, no offer of free protection has been made.
“We apologise for this situation and the concern it has caused our customers. We, at GoDaddy, take our obligation to protect our clients’ data very seriously, and we never want to disappoint them. We will take steps to tighten our provisioning system with extra layers of protection as a result of this occurrence.”