Domain registrar and web hosting company GoDaddy revealed a recent hack that exposed up to 1.2 million people’s WordPress information.
According to a disclosure to the US Securities and Exchange Commission, the company revealed that an “unauthorized third party” used a compromised password to gain access to its Managed WordPress hosting environment. GoDaddy determined the hacks began on September 6, 2021.
The stolen information includes the email addresses and customer numbers of both active and inactive Managed WordPress customers and admin passwords for WordPress sites. Passwords and usernames for sFTPs and databases plus SSL private keys were also exposed in the hack.
GoDaddy states that an investigation is ongoing, and it’s working with law enforcement and an IT forensics firm to find out what happened.
In response, the company reset all the passwords affected by the breach and is currently issuing new SSL private keys to customers. GoDaddy encouraged customers to contact the GoDaddy help center to get everything sorted out.
Unfortunately, this isn’t the first time GoDaddy has been breached. In late 2020, GoDaddy employees were used in an attack on several cryptocurrency trading platforms.
The company concluded its disclosure with the statement, “We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”
Get the Latest Tech News Delivered Every Day
