On the 17th of November, the company discovered that up to 1.2 million email addresses have been exposed.
Third Party Exposes Customer Data
Last week, GoDaddy found out that a third party gained unauthorized access to its Managed WordPress hosting environment. The breach supposedly took place at the beginning of September.
The hosting company identified that the exposed information includes:
- up to 1.2 million email addresses and customer numbers of active and inactive Managed WordPress customers
- the original WordPress Admin passwords of users, which have now been reset
- sFTP and database usernames and passwords
- SSL private key of active customers
Immediately, GoDaddy teamed up with an IT forensics firm and began an investigation. It also contacted law enforcement and blocked the third party from accessing their systems.
It has reset the WordPress Admin passwords of affected users. In addition, it will issue new SSL certificates. sFTP and database passwords will also be reset.
Furthermore, the company has warned all uses with leaked emails to be wary of phishing messages.
GoDaddy is contacting all impacted customers with specific details.
Not the First Time
That is, however, not the first time that the hosting vendor suffers from a data breach. In 2020, the company found out that SSH usernames and passwords have been compromised. Hackers managed to expose 28,000 records.