There's been a big push for enterprises to implement SSL on their Web properties but it appears that at least one company may have been a little hasty in their processes.
GoDaddy has reportedly removed, but started re-issuing, new SSL certifications for more than 6,000 customers after a bug was discovered in the registrar's domain validation process back in late July of 2016. Just two percent of the certifications GoDaddy issued from that date to this week were impacted.
According to GoDaddy's vice president and general manager of security products Wayne Thayer the bug caused the domain validation process to fail in certain circumstances. The company says it inadvertently introduced the bug during a routine code change that was intended to improve its certificate issuance process.
GoDaddy revealed that it was not aware of any compromises related to the bug but the issue did expose sites running SSL certificates from GoDaddy to spoofing where a bad actor (hacker) could gain access to certificates and pose as a legitimate site in order to spread malware or steal personal information such as banking credentials.
Customers that were impacted will need to log in to their accounts and initiate the certificate process in the SSL Panel.
Digital marketing executive with proven experience in all aspects of search engine optimization (SEO), performance-based advertising, consumer-generated/social media, email marketing, lead generation, Web design, usability, and analytics. - 20-year Internet marketing veteran, currently serving as the Digital Marketing Campaign Manager at Antenna Group (formerly Chicago Digital). - Former Editor-In-Chief of Website Magazine, and a regular speaker on Web technology digital marketing strategy - Author of several books on digital marketing Including Web 360: The Fundamentals of Web Success; Affiliate 360: The Fundamentals of Performance Marketing; Domains 360: The Fundamentals of Buying & Selling Domain Names, and SEO 360: The Fundamentals of Search Engine Optimization.