Web-hosting giant GoDaddy has confirmed another data breach, this time affecting at least 1.2 million of its customers.
In an official statement it says On November 17, 2021, they discovered unauthorized third-party access to our Managed WordPress hosting environment.
They identified suspicious activity in their Managed WordPress hosting environment and after that they immediately began an investigation with the help of an IT forensics firm and contacted law enforcement.
Go Daddy immediately blocked the unauthorized third party from their system and investigation is ongoing, but they have determined that, beginning on September 6, 2021, the unauthorized third party used the vulnerability to gain access to the following customer information:
- Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents risk of phishing attacks.
- The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, then reset those passwords.
- For active customers, sFTP and database usernames and passwords were exposed. Then reset both passwords.
- For a subset of active customers, the SSL private key was exposed. Go Daddy will be issuing and installing new certificates for those customers.
Found this article interesting? Follow HackersIdentity on Facebook, Twitter and LinkedIn to read more exclusive content we post.
Users Today : 0