The company came to know about the incident on November 17. By tampering with the password, the accused accessed the company’s system and obtained the data.
Web hosting company GoDaddy has faced a security breach. The company has been told that the data of its WordPress users have been breached. According to GoDaddy, the e-mail addresses of 1.2 million active and inactive WordPress customers were exposed. The company came to know about the incident on November 17. By tampering with the password, the accused accessed the company’s system and obtained the data. Chief Information Security Officer Demetrius Cums has said that after discovering suspicious activity in WordPress hosting, it was started with the help of an IT forensic firm. According to Godaddy, he immediately blocked the person who broke into the security.
The company said in its filing that on November 17, 2021, it identified suspicious activity in the WordPress hosting sector and immediately contacted law enforcement, initiating an investigation with the help of an IT forensic firm. The hacker accessed the legacy codebase of WordPress by manipulating the password. The company has said that it immediately blocked the person who breached the security.
The company has said that due to this security breach, the e-mail addresses and numbers of about 1.2 million active and inactive WordPress customers were leaked. Leaking e-mail addresses increases the risk of phishing attacks.
According to the company, the original WordPress admin passwords were leaked. If they were in use, they are being reset. The sFTP and database usernames and passwords of active customers were also leaked. SSL private keys of many active users were also leaked. Work is going on to give them a new key.
The company has said that its investigation is on and it is in direct contact with all the affected customers. Customers can also contact the company’s Help Center (https://www.godaddy.com/help). The company has apologized to the customers for this incident. That said, GoDaddy’s leadership and employees take the responsibility of protecting their customers’ data very seriously. We never want to disappoint them. We will learn from this incident and are taking steps to further strengthen it by enhancing security.