Last year, web host GoDaddy discovered that it had breached some of its customer data. The GoDaddy data breach happened when hackers accessed one of the company’s databases. The affected databased held the credentials of 1.2 million managed WordPress customers.
The data was compromised for over two months before GoDaddy realised it had been hacked.
GoDaddy discovered the breach on 17 November 2021 and it released a statement outlining what happened on 22 November. Data exposed in the hack included WordPress admin passwords (those set automatically by the system when the website was first created) and private SLL keys.
Are GoDaddy customers at risk following the data breach?
You could be affected by the GoDaddy data breach if you:
- Are a managed WordPress customer
- Have an SSL certificate issued by GoDaddy
- Have purchased hosting through a GoDaddy reseller.
Worryingly, SLL certificates help to make websites secure. So, if yours has been compromised, your website could be at high risk of hacks and other attacks.
While GoDaddy is thought to have contacted affected customers and warned them about the data breach, many still have serious concerns about the risk to their websites, private data, and businesses.
How to protect yourself following the GoDaddy data breach
If GoDaddy has informed you that your data was breached (or if you are at all concerned that it could have been), you should:
- Assume that your website could be affected by malware. Check your site using a malware scanning tool. If you find anything malicious, use a trusted malware clean-up and protection service to clean your site. You should also install security software that offers daily scans.
- Assume that hackers have access to your website and change all your passwords immediately. This includes your admin account, user accounts, database passwords and SFTOP credentials. Even if GoDaddy has already done this for you, we recommend that you do so again. Do not use the same passwords you use elsewhere.
- Change your passwords if you have reused the same ones for other accounts (in addition to those listed above)
- Get another SSL certificate. It is up to you whether you want to use GoDaddy to do this.
If your website stores personal customer data and/or financial information and you have been told that your site could be compromised, you might want to warn your customers that their data could be exposed. You may also want to alert the ICO. You do not need to report every breach and there is more guidance on the ICO website. However, you should do this if there is evidence that your site has already been accessed by hackers.
Victims of the GoDaddy data breach might be entitled to compensation
Those involved in the GoDaddy data breach might be due compensation for any distress or losses experienced. GoDaddy has contacted those affected by this breach and we strongly urge anyone who has received such a notification to get in touch with us to discuss a potential claim.