GoDaddy, a web registration and hosting business, announced that it had been hacked in filings with the Securities and Exchange Commission. An “unauthorised third party” has acquired access to the company’s Managed WordPress hosting environment, according to the company. Users’ email addresses and customer numbers, as well as admin passwords for both WordPress sites hosted on the platform, as well as credentials for sFTPs, databases, and SSL private keys, were all exposed. According to the document, GoDaddy believes the incident occurred on September 6th, 2021, and the investigation is still underway. GoDaddy is actively cooperating with law enforcement and a private IT forensics firm, according to Demetrius Comes, Chief Information Security Officer. It also claims to have reset the relevant passwords and to be working with users to provide new SSL certificates. Comes concludes his speech by claiming that the corporation will “learn from this experience” and take steps to prevent similar breaches in the future, perhaps a little too late. This is far from the first time in recent years that GoDaddy has been mentioned in the same breath as a security incident. An AWS issue exposed data on GoDaddy servers in 2018, and an unauthorised individual breached 28,000 user accounts in 2020. GoDaddy was also mentioned in a hack that brought down a number of cryptocurrency-related websites later last year
