A notice that published Today, GoDaddy reports that data of up to 1,2 million of its customers were leaked when hackers gained access to the Managed WordPress hosting environment.
The incident was discovered by GoDaddy last Wednesday, November 17, but the intruders had access to its network and data thw at least since September 6 toy 2021.
"We detected suspicious activity in the Managed WordPress hosting environment and immediately started an investigation with the help of a security company. We also contacted law enforcement directly, "said Demetrius Comes, Chief Information Security Officer at GoDaddy.
"Using an invalid password, an unauthorized user has gained access to the Managed WordPress system."
"Our investigation is ongoing and we communicate directly with all our affected customers with specific details. Customers can also contact us through the help center (https://www.godaddy.com/help) which includes telephone numbers depending on the country. "
The intruders were able to access the following GoDaddy client information:
- Up to 1,2 million active and inactive customers of the Managed WordPress service have been leaked their email address and customer number. Email exposure poses a risk of phishing attacks.
- The original WordPress Administrator password that was set at the time the service was launched has been revealed.
- For active clients, usernames and sFTP and database passwords were revealed.
- For a subset of active clients, the private SSL key has been revealed.
For those unfamiliar, GoDaddy is the largest domain registrar in the world and a web hosting company providing services to more than 20 million users worldwide.