January 12, 2017

GoDaddy forced to revoke SSL certificates

A recently discovered bug left 6000+ customers vulnerable for over 6 months

Cloud Security Alliance

This week, domain registrar and web hosting company GoDaddy was forced to revoke about 9000 SSL certificates for over 6000 customers. The action was taken after the company discovered a bug in its domain validation system. GoDaddy has given a statement regarding the issue on its blog.

GoDaddy routinely issues SSL certificates, small data files that protect users’ data on websites and enable HTTPS encryption. HTTPS indicates that the connection made to a website is encrypted and keeps financial transactions on the given websites safe.

The SSL certificates issued by GoDaddy were revoked to prevent hackers from exploiting a security vulnerability that removes HTTPS encryption from websites, which means that many websites were not secure for over six months. The company said that it is working to re-issue SSL certificates for affected customers.

Wayne Thayer, General Manager of Security Products at GoDaddy, commented:

GoDaddy inadvertently introduced the bug during a routine code change intended to improve our certificate issuance process.

The bug caused the domain validation process to fail in certain circumstances.