According to a recent complaint with the US Securities and Exchange Commission, GoDaddy uncovered illegal access to their managed WordPress hosting environment, exposing account data for as many as 1.2 million customers.
The discovery was made on November 17, 2021, and this information is given out by the Internet domain registrar and web hosting provider, who promptly launched an investigation with the support of an IT forensics firm and contacted police enforcement.
According to sources, it was on September 6 that the team discovered that a hacked password had been used to access the provisioning system in its older code base for managed WordPress. The attacker was able to get the customer number and email address for up to 1.2 million managed WordPress accounts, both active and dormant. It might put customers in danger of phishing attempts if it falls into the wrong hands, according to GoDaddy.
Active customers’ sFTP and database usernames and passwords were also exposed, according to GoDaddy, although they have now been changed. The SSL private key of a subset of active customers was also exposed. For these clients, GoDaddy said it is in the process of issuing and installing fresh certificates.
In recent years, GoDaddy has had to cope with a variety of challenges. It was uncovered in early 2019 that the corporation was injecting JavaScript into chosen clients’ websites without their permission. Later that year, fraudsters gained access to hundreds of GoDaddy accounts to sell snake oil and other items. It was hard for the Internet domain registrar and web hosting provider.
GoDaddy stock is down over 5% on the day and is now trading at $67.89 as of this writing.
Read more:
We used to be hosted with GoDaddy, but have since migrated to DreamHost. Seemingly, not a moment to soon either. This data breach is just one more reason, amongst many, not to host with GoDaddy.