Up to 1.2 million GoDaddy customers’ data exposed in breach

Data connected with up to 1.2 million GoDaddy customers may have been accessed by an unauthorized party, the company reported to the U.S. Securities and Exhcnage Commission Monday.

GoDaddy, a behemoth in the commercial web hosting and domain registrar space, reported that it discovered the apparent intrusion on Nov. 17, and that the improper access dated back to Sept. 6.

Using a compromised password, an unknown party accessed a GoDaddy system dedicated to managed WordPress services, where the company offers customers hosting and other content management features. Up to 1.2 million active and inactive customers’ email addresses and customer numbers were exposed, which could set them up for phishing attacks, Demetrius Comes, the company’s chief information security officer, wrote in the notice.

“We are sincerely sorry for this incident and the concern it causes for our customers,” Comes wrote. “We, GoDaddy leadership and employees, take our responsibility to protect customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”

The active customers’ data included database usernames and passwords, and a subset of customers’ private SSL encryption keys were exposed, Comes wrote. Passwords have been reset and the company is in the process of issuing and installing new SSL certificates.

GoDaddy regularly faces distributed denial-of-service attacks, as well as an “increased level” of social engineering efforts, including “several successful” campaigns by “a persistent threat actor” attempting to transfer domain names related to cryptocurrency, the company noted in its Nov. 4 quarterly SEC filing.