1.2 million WordPress site owners affected by GoDaddy data breach

Domain registrar and hoster GoDaddy reported a hack and data breach. The incident affected the data of 1.2 million company’s customers as hackers gained access to the WordPress hosting environment.

GoDaddy reported the incident this week in the documents, presented this week to the US Securities and Exchange Commission. The company discovered the hack last week, November 17, following “suspicious activity” in its managed WordPress hosting environment.

Investigation revealed that unknown hackers kept access to GoDaddy’s servers for more than two months, and infiltrated the company’s network as early as September 6, 2021. It is reported that the attackers had access to the following data:

1. information of 1.2 million active and inactive clients of managed WordPress hosting, including email addresses and client numbers;
2. the original WordPress admin password that GoDaddy issues to clients when they create a website;
3. usernames and passwords from the database and sFTP for active clients;
4. SSL private keys for some clients.

GoDaddy says they are already dumping sFTP and database passwords compromised during the hack. The company also cleared passwords for administrator accounts if customers were still using the default password that was given to them at the beginning. In addition, the company is in the process of re-issuing and installing new SSL certificates for those affected.

The incident has already been reported to law enforcement agencies, and third-party cybercriminals have joined the investigation of the incident.

Let me remind you that we also wrote that Cybercriminals are hijacking GoDaddy’s cryptocurrency domains, and also that GoDaddy closed 15,000 subdomains that used spammers.