As USA Today and TechCrunch report, GoDaddy disclosed the breach in a November 22 regulatory filing. Demetrius Comes, chief information security officer of GoDaddy, said the company found that an unauthorized third party was accessing the systems where it manages customers’ servers for WordPress, a popular content management system for blogs and websites.
Detected on November 17, the unauthorized access began around September 6, the company said. Information exposed included email addresses and passwords.
Dominic Trott, UK manager at Orange Cyberdefense, told CSO Online that the time between the breach and its discovery was surprising and “expos[ed] GoDaddy to both reputational and financial damage.”
Trustwave SpiderLabs director Ed Williams, also speaking with CSO Online, said that hackers would “try to take advantage of every new email address and password exposed in an attempt to launch phishing attacks and social engineering schemes.”
Anurag Kahol, chief executive at Bitglass, told SecurityBrief Asia that with the common reuse of passwords, this exposure of one set of user credentials could lead to other accounts being hijacked.
Glasswall CEO Danny Lopez, also speaking with SecurityBrief, called hackers’ access to a hosting company particularly concerning, in light of how much sensitive information such entities control. “Organizations need to adopt robust processes for onboarding and offboarding employees and affiliates that may receive access to key information systems,” Lopez said.
A day after disclosing the breach, GoDaddy confirmed that customers of several brands that resell GoDaddy Managed WordPress were also affected. They are: tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe. A company spokesperson told Wordfence, “A small number of active and inactive Managed WordPress users at those brands were impacted by the security incident.”
As Insurance Times reports, cyber analytics firm CyberCube also called the GoDaddy data breach “a wake-up call” to the insurance sector.