Security News > 2021 > November > SSL keys, sFTP passwords and more exposed after someone broke into GoDaddy Managed WordPress using 'compromised password'

GoDaddy has admitted to America's financial watchdog that one or more miscreants broke into its systems and potentially accessed a huge amount of customer data, from email addresses to SSL private keys.

GoDaddy's chief information security officer Demetrius Comes said his company "Immediately began an investigation with the help of an IT forensics firm and contacted law enforcement."

According to GoDaddy, the sFTP and database usernames and passwords of active user accounts were accessible, too, and these have been reset as well.

"We are in the process of issuing and installing new certificates for those customers." GoDaddy has not responded to a request for further details and exact numbers of users affected.

Comes didn't say if any data had actually been exfiltrated from GoDaddy's servers, though did warn that the pairing of "Email addresses and customer numbers" puts customers at risk of phishing.

Now would be a good time for GoDaddy users to be on alert for suspicious emails asking them to log in to, say, confirm their details: if in doubt, go straight to the GoDaddy website.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/11/22/godaddy_managed_wordpress_ssl_keys/