What happened now? GoDaddy said in a new filing with the US Securities and Exchange Commission that it recently discovered unauthorized access to a managed WordPress hosting environment, resulting in the discovery of account details for up to 1.2 million customers.
The internet domain registrar and web hosting provider said the discovery was made on November 17, 2021, after which they immediately launched an investigation with the help of a forensic IT firm and went to law enforcement.
The team learned that since September 6, a compromised password has been used to access the provisioning system in its legacy managed WordPress codebase. The attacker was able to gain access to the customer number and email address for 1.2 million active and inactive managed WordPress accounts. Falling into the wrong hands could put customers at greater risk of phishing attacks, GoDaddy said…
GoDaddy also noted that sFTP usernames and passwords and databases for active clients were also exposed, but have since been dropped. A subset of active clients also received their SSL private key. GoDaddy said it is in the process of issuing and installing new certificates for these customers.
GoDaddy’s stock price has dropped nearly five percent on the day to $ 67.89 at the time of this writing.