There’s been a big push for enterprises to implement SSL on their Web properties, but it appears that at least one company may have been a little hasty in its processes.
GoDaddy has reportedly removed, and started re-issuing, SSL certificates for more than 6,000 customers after a bug was discovered in the registrar’s domain validation process, a bug dating back to late July of 2016. Just two percent of the certificates GoDaddy issued from that date to this week were impacted.
According to GoDaddy’s vice president and general manager of security products, Wayne Thayer, the bug caused the domain validation process to fail in certain circumstances. The company says it inadvertently introduced the bug during a routine code change that was intended to improve its certificate issuance process.
GoDaddy revealed that it was not aware of any compromises related to the bug, but the issue did expose sites running SSL certificates from GoDaddy to spoofing, in which a bad actor (hacker) could gain access to certificates and pose as a legitimate site in order to spread malware or steal personal information such as banking credentials.
Customers who were impacted will need to log in to their accounts and initiate the certificate process in the SSL Panel.