GoDaddy Data Hack Reveals Over 1 Million Customer Accounts

What happened now? GoDaddy said in a new filing with the US Securities and Exchange Commission that it recently discovered unauthorized access to a managed WordPress hosting environment, resulting in the discovery of account details for up to 1.2 million customers.

The internet domain registrar and web hosting provider said the discovery was made on November 17, 2021, after which they immediately launched an investigation with the help of a forensic IT firm and went to law enforcement.

The team learned that since September 6, a compromised password has been used to access the provisioning system in its legacy managed WordPress codebase. The attacker was able to gain access to the customer number and email address for 1.2 million active and inactive managed WordPress accounts. Falling into the wrong hands could put customers at greater risk of phishing attacks, GoDaddy said

GoDaddy also noted that sFTP usernames and passwords and databases for active clients were also exposed, but have since been dropped. A subset of active clients also received their SSL private key. GoDaddy said it is in the process of issuing and installing new certificates for these customers.

GoDaddy has addressed a number of issues over the years. Back in early 2019, it was discovered that the company JavaScript injection to selected websites of customers without their consent. Later that year, the scammers succeeded compromise hundreds of GoDaddy accounts sell snake oil products and more.

GoDaddy’s stock price has dropped nearly five percent on the day to $ 67.89 at the time of this writing.

Source link

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button