On Wednesday, the domain registrar and web hosting company GoDaddy, was hit by a security breach that allowed hackers access to more than 1 million email addresses.
These email addresses were from accounts associated with the company’s managed WordPress users, according to a disclosure filed on Monday.
The hackers not only had access to these email addresses but could also see the original WordPress admin passwords set by GoDaddy’s provisioning system. They could also see credentials for sFTP systems and active users private databases.
The company also says that some customers had their private SSL keys exposed, which are responsible for proving that a website is who it says it is (powering the little lock icon you often see in your browser’s address bar).
According to GoDaddy, this hack was done in early September when hackers used a compromised password to gain access to a new provisioning system. A provisioning system works to set up and automatically configure new sites when customers create them.
GoDaddy immediately locked the attacker out, contacted law investigation and began their own investigation when they noticed the intrusion on November 17th. They are seeking to mitigate the attack by regenerating needed security certificates and resetting affected passwords. They have also been contacting all customers impacted with details of this.
Like many other incidents with both small and large companies, social engineering was the cause of this attack. Maintaining proper password practice remains more critical now than ever, as weak passwords, like in this situation, remain one of the biggest causes of a security breach.