Web hosting company GoDaddy reveals new hack exposed up to 1.2 MILLION of its customer emails and numbers that puts users at risk of phishing attacks
- GoDaddy is an internet domain and web hosting company based in New York
- The company filed an incident report with the SEC regarding a recent hack
- It says up to 1.2 million customer emails and account numbers were exposed
- The attack happened on September 6, but was spotted on November 17
GoDaddy, an internet domain and web hosting company, announced that almost 1.2 million of its customers’ accounts were exposed in a recent hack.
The American company filed an incident report with the Securities and Exchange Commission (SEC) on Monday, stating it had identified ‘suspicious activity’ in its Managed WordPress hosting environment.
According to the document, ‘an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress.’
GoDaddy notes that emails and customer numbers were collected during the attack and warns that this could result in phishing attacks, a type of scam where an attacker sends a fraudulent message designed to trick the victim into giving them sensitive information.
‘We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement,’ Chief Information Security Officer Demetrius Comes said in the filing.
The company, whose shares fell about 1.6 percent in early trading on Monday, said it had immediately blocked the unauthorized third party, and an investigation was still going on.
GoDaddy found the unauthorized third party accessed its system on September 6, 2021, but the firm did not identify the attack until November 17.
For active customers, usernames and passwords were exposed for both SFTP (SSH File Transfer Protocol, a network protocol that provides file access, transfer and management over a data stream) and databases.
However, the filing says GoDaddy has reset both passwords.
Comes also notes that the firm is working with law enforcement and private IT forensic companies, according to Engadget, which first reported on the matter.
‘We are sincerely sorry for this incident and the concern it causes for our customers,’ Comes wrote in the SEC filing.
‘We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.’
This is not the first time GoDaddy has been attacked: in 2012, a separate incident shut down all websites hosted on its system – impacting thousands, maybe even millions, of businesses.
The attack knocked the websites offline for several hours on September 10, and a Twitter feed claimed to be affiliated with the ‘Anonymous’ hacker group.
FoxNews later identified the hacker as Twitter user Own3r after he emailed the site and they verified the scammer’s identity through various Twitter claims.
A more recent attack on GoDaddy was confirmed by the company in May 2020, admitting 28,000 customer hosting accounts were compromised in a security breach.
According to BleepingComputer, GoDaddy recently informed customers that an ‘unauthorized individual’ had gained access to login information of the company’s hosting accounts.
GoDaddy says that though user accounts had been accessed there was no evidence that they had been modified. It has since reset passwords of those affected.
It also notes that only login and password information of hosting accounts was compromised, while main accounts had not been breached.