GoDaddy has reported a data breach affecting 1,200,000 users whose accounts may have been accessed. GoDaddy’s chief information security officer, Demetrius Comes, said the company detected unauthorized access to its systems where it hosts and manages its customers’ WordPress installations.
According to GoDaddy, the unauthorized person accessed their systems using a compromised password, around about 06 September 2021. GoDaddy said they discovered the breach last week, on 17 November 2021. It’s not clear if the compromised password was protected with two-factor authentication or not though.
The U.S. Securities and Exchange Commission (SEC) filing indicates the breach affects ~1,200,000 managed WordPress users, both active and inactive, who had their e-mail addresses and customer numbers exposed. GoDaddy says this exposure could subject their users to an increased risk of phishing attacks. The original WordPress administrative password created upon the initial installation of WordPress, was exposed as well.
Active customers also had their sFTP credentials, and the usernames and passwords for their MySQL databases, exposed. Additionally, some customers had their SSL private keys exposed. An attacker could use this to impersonate a customer’s Web site.
GoDaddy has reset the affected passwords and private keys, and are in-process of issuing new SSL certificates.