A notice that published today from GoDaddy says they were leaked data up to 1,2 million of its customers when hackers gained access to its Managed WordPress hosting environment.
The incident was discovered by GoDaddy last Wednesday, November 17, but the intruders had access to its network and data thw at least since September 6 toy 2021.
"We detected suspicious activity in the Managed WordPress hosting environment and immediately started an investigation with the help of a security company. We also contacted law enforcement directly, "said Demetrius Comes, Chief Information Security Officer at GoDaddy.
"Using an invalid password, an unauthorized user has gained access to the Managed WordPress system."
"Our investigation is ongoing and we communicate directly with all our affected customers with specific details. Customers can also contact us through the help center (https://www.godaddy.com/help) which includes telephone numbers depending on the country. "
The intruders were able to access the following GoDaddy client information:
- Up to 1,2 million active and inactive Managed WordPress customers had their email address and customer number leaked. THE report of emails presents a risk of phishing attacks.
- The original WordPress Administrator password that was set at the time the service was launched has been revealed.
- For active clients, usernames and sFTP and database passwords were revealed.
- For a subset of active clients, the private SSL key has been revealed.
For those who don't know GoDaddy is the largest registrar domain in the world and a web hosting company serving more than 20 million users worldwide.
