GoDaddy, the web hosting and domain registry firm faced a huge breach. The security breach, leaking over one million email addresses gave the attacker access through a ‘compromised password’.
All you need to know about the GoDaddy security breach
The web hosting company reported that the attacker gained access to a provisioning system “using a compromised password”. The provisioning system automatically configures new sites when customers create a new site on the platform. The intrusion was noticed on November 17 and the firm was quick in locking out the attacker before starting an investigation.
GoDaddy took time in responding to requests on how the attacker gained access to the “compromised password”. However, later it announced that the investigation for getting the knowledge is in progress. Several other recent security breaches are due to social engineering and phishing. However, the company has some upsetting history in testing its employees’ awareness when it comes to fake emails. After all, all the attackers need is one simple click.
What did the attackers access?
The email addresses are not the only things the attackers got access to. With the break, they could see the original WordPress admin password, set up by th provisioner system upon signing up. Additionally, all credentials for sFTP systems and active users’ databases got compromised. According to GoDaddy, the breach also exposed the private SSL keys of some customers. Private SSL keys are vital for authenticating websites. The little lock icon on the address bar will prove that the website is who it says it is.
However, GoDaddy is working on mitigating the issues by resetting passwords and regenerating the security certificates of all affected users. Additionally, they are “contacting all impacted customers directly with specific details”. While these are the right steps, resetting password is a nuisance for some users.