Data breaches are becoming all too common lately. Although GoDaddy has acknowledged that it takes protecting customers’ data very seriously, that doesn’t negate the fact that the breach happened.
Once GoDaddy found out about the breach, they took steps to block the hackers immediately. After investigating the incident further, they determined that it actually began on September 6, 2021.
The hackers were able to gain access to the following information:
- Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed.
- The original WordPress Admin password that was set at the time of provisioning was exposed.
- For active customers, sFTP and database usernames and passwords were exposed.
- For a subset of active customers, the SSL private key was exposed.
GoDaddy did perform remediation steps to resolve the issues. However, the full impact of the compromise may take some time to understand completely. You can read the full US Securities and Equities Commission (SEC) security incident press release to learn the exact line-by-line remediation steps taken by GoDaddy.
Security Incident Response Time
The threat was identified on November 17th, 2021, which was more than 10 weeks (more than 1,680 hours) after the breach start date of September 6th, 2021. This brings to mind quite a few questions that I’m sure will be answered as further investigation into the security incident is made public.
We applaud GoDaddy for its willingness to share with the world that this security incident was something they could learn from. However, not having layered protection properly applied is something that can baffle even the most junior-level cybersecurity professional.