Domain registrar GoDaddy recently announced a data breach impacting 1.2 million customers via its Managed WordPress hosting environment. Here's how the breach is unfolding.

Security incidents affecting WordPress have been notably prevalent in recent years as more companies rely on the hugely popular content management system to power their websites. The latest organization to fall foul of WordPress security vulnerabilities is domain registrar GoDaddy, which recently went public on unauthorized third-party access to its Managed WordPress hosting environment, impacting up to 1.2 million active and inactive customers.

Here is a timeline of the incident featuring detail and insight from the company and experts across the field.

GoDaddy WordPress data breach timeline

November 17, 2021: GoDaddy discovers unauthorized third-party access on Managed WordPress

In a Securities and Exchange Commission (SEC) filing, Demetrius Comes, GoDaddy’s CISO, announced that the organization had discovered unauthorized access to its Managed WordPress servers. GoDaddy determined that the incident began on September 6, 2021, and exposed data on 1.2 million active and inactive Managed WordPress customers. “We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement,” Comes said. “Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress.”

November 22, 2021: GoDaddy announces data breach

GoDaddy revealed the breach in the above-mentioned SEC filing and announced that it had blocked the unauthorized third party from its systems.
While the investigation continues, GoDaddy determined the third party had exploited a vulnerability to access the following customer information:

- Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed, presenting a risk of phishing attacks.
- The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, GoDaddy reset those passwords.
- For active customers, sFTP and database usernames and passwords were exposed. GoDaddy reset both passwords.
- For a subset of active customers, the SSL private key was exposed. GoDaddy was in the process of issuing and installing new certificates for those customers.

“We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection,” said Comes.

November 23, 2021: Cybersecurity industry reacts, and Managed WordPress resellers revealed to be impacted

In the wake of GoDaddy’s data breach announcement, experts in the cybersecurity field shared reactions and insight around the incident, GoDaddy’s response, and the wider implications for organizations and users.

“Perhaps one of the most surprising revelations to come out of the GoDaddy breach is the delay between the initial attack and the company’s discovery of the breach over a month later,” said Dominic Trott, UK manager at Orange Cyberdefense. “A lack of round-the-clock threat detection and response activity will inevitably leave critical assets such as customer data at much greater risk of exploitation, exposing GoDaddy to both reputational and financial damage.
In this case, 1.2 million email addresses and account passwords were breached, leaving customers vulnerable to the threat of phishing that could put them, their personal devices, and finances at risk.”

Digital cryptography expert and Sectigo CTO Nick France said breaches of this nature in which large amounts of private keys are compromised ultimately lead to events where the compromised certificates all need to be revoked in a very short space of time. “The impact this can have on businesses reliant on those certificates can be significant—especially on holiday weeks such as this.”

Indeed, a breach of this size is particularly dangerous around the holidays, added Ed Williams, director, Trustwave SpiderLabs. “Hackers try to take advantage of every new email address and password exposed in an attempt to launch phishing attacks and social engineering schemes.”

Wordfence confirmed that at least six resellers of GoDaddy Managed WordPress were also affected by the breach: tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe. GoDaddy said that only a small number of reseller customers were affected.