Web hosting company Godaddy has confirmed a data breach exposing data belonging to 1.2 million WordPress customers
The company said on November 17, 2021, it detected unauthorized third-party access to their system using a compromised password.
“We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement. “ said Demetrius Comes, Chief Information Security Officer of Godaddy in a filing.
According to the investigation, the intrusion began on September 6, 2021, and upon detection, the company immediately blocked the unauthorized third party access to their systems.
The exposed information includes
- Email address and customer number of 1.2 million active and inactive Managed WordPress customers.
- The original WordPress Admin password that was set at the time of provisioning. Comes said that the password will be reset, if those were still in use.
- Secure File Transfer Protocol (SFTP) and database usernames and passwords of active customers. Both the passwords will be reset.
- The SSL private key for a subset of active customers. The company said they are in the process of issuing and installing new certificates to the affected customers
Godaddy said they are in the process of contacting all impacted customers and Customers can also contact them via their help center (https://www.godaddy.com/help) which includes phone numbers based on country
“We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?