1.2 million WordPress site owners affected by GoDaddy data breach

Domain registrar and hoster GoDaddy reported a hack and data breach. The incident affected the data of 1.2 million company’s customers as hackers gained access to the WordPress hosting environment.

GoDaddy reported the incident this week in the documents, presented this week to the US Securities and Exchange Commission. The company discovered the hack last week, November 17, following “suspicious activity” in its managed WordPress hosting environment.

Investigation revealed that unknown hackers kept access to GoDaddy’s servers for more than two months, and infiltrated the company’s network as early as September 6, 2021. It is reported that the attackers had access to the following data:

  1. information of 1.2 million active and inactive clients of managed WordPress hosting, including email addresses and client numbers;
  2. the original WordPress admin password that GoDaddy issues to clients when they create a website;
  3. usernames and passwords from the database and sFTP for active clients;
  4. SSL private keys for some clients.

GoDaddy says they are already dumping sFTP and database passwords compromised during the hack. The company also cleared passwords for administrator accounts if customers were still using the default password that was given to them at the beginning. In addition, the company is in the process of re-issuing and installing new SSL certificates for those affected.

The incident has already been reported to law enforcement agencies, and third-party cybercriminals have joined the investigation of the incident.

Let me remind you that this is not the first time that GoDaddy resources have been compromised. For example, in 2019, hackers placed more than 15,000 malicious subdomains in the company’s infrastructure, which redirected visitors to sites that advertised dietary supplements to improve brain function, diet pills, CBD oils, and so on.

Let me remind you that we also wrote that Cybercriminals are hijacking GoDaddy’s cryptocurrency domains, and also that GoDaddy closed 15,000 subdomains that used spammers.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button