Skip to main content
close search
site logo
Dive Brief

GoDaddy breach raises questions about how to secure identity in the enterprise

Published Nov. 23, 2021 Updated Nov. 24, 2021
David Jones's headshot
Reporter
GoDaddy banner hangs outside of the New York Stock Exchange
Spencer Platt via Getty Images

UPDATE: Nov. 24, 2021: The massive breach at GoDaddy has directly impacted several WordPress resellers, the web hosting provider and domain registrar confirmed via email. 

"The GoDaddy brands that resell GoDaddy Managed WordPress are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost," a spokesperson for GoDaddy said via email. "A small number of active and inactive Managed WordPress users at those brands were impacted by the security incident. No other brands are impacted. Those brands have already contacted their respective customers with specific detail and recommended action."

Dive Brief:

  • After detecting suspicious activity, GoDaddy and an IT forensics team discovered a data breach that exposed the emails and customer numbers of up to 1.2 million managed WordPress customers, according to an 8-K filing with the Securities and Exchange Commission. The company has contacted law enforcement. 
  • An unauthorized third party used a compromised password to access the company's WordPress hosting environment between Sept. 6 and Nov.17, when the breach was discovered, according to the disclosure from Demetrius Comes, CISO at GoDaddy. The threat actor accessed GoDaddy's provisioning system in the legacy code base for managed WordPress. The original admin password set at the time of provisioning was exposed. If those credentials were still in use, the passwords have been reset.
  • The SFTP and database usernames and passwords were exposed for active customers, GoDaddy said. For a subset of private customers however, the SSL private key was exposed as well. The company is currently issuing and installing new certificates for those customers.

Dive Insight:

Comes apologized to customers and said the company takes the responsibility of securing data very seriously. 

"We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection," Comes said.

The incident marks the second significant security breach at GoDaddy in about two years. In May 2020, GoDaddy disclosed a data breach that took place in October 2019, which impacted 28,000 customers. 

A breach such as the GoDaddy attack can put business and consumers at risk of phishing attacks, identify theft and credit card fraud, according to Steve Turner, analyst of security and risk at Forrester. 

"This also exposes people who were impacted to advanced attacks where the adversaries can craft very targeted campaigns based on the data that they've gleaned from these Wordpress databases, which would allow them to impersonate the merchants or others down to the extreme detail," Turner said in an email. 

Businesses should purge customer data that isn't currently being used to lower the potential downstream risk of the breach, which revealed information related to current and past customers. 

From an enterprise standpoint, the GoDaddy breach is an illustration of why identity is the security perimeter and is constantly under attack, according to Gartner Research VP Peter Firstbrook

"This attack, along with the Nobelium attacks, the recent Azure CosmosDB vulnerability and numerous other examples, demonstrate why we should expect sustained attacks on the identity system," Firstbrook said. "Enterprise security managers must improve their focus on identity detection and response."

GoDaddy did not return a request for comment. 

Filed Under: Cyberattacks

Editors' picks

Company Announcements

View all | Post a press release
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Cyberattacks
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell