News

1.2 million WordPress site owners affected by GoDaddy data breach

Domain registrar and hoster GoDaddy reported a hack and data breach. The incident affected the data of 1.2 million company’s customers as hackers gained access to the WordPress hosting environment.

GoDaddy reported the incident this week in the documents, presented this week to the US Securities and Exchange Commission. The company discovered the hack last week, November 17, following “suspicious activity” in its managed WordPress hosting environment.

Investigation revealed that unknown hackers kept access to GoDaddy’s servers for more than two months, and infiltrated the company’s network as early as September 6, 2021. It is reported that the attackers had access to the following data:

  1. information of 1.2 million active and inactive clients of managed WordPress hosting, including email addresses and client numbers;
  2. the original WordPress admin password that GoDaddy issues to clients when they create a website;
  3. usernames and passwords from the database and sFTP for active clients;
  4. SSL private keys for some clients.

GoDaddy says they are already dumping sFTP and database passwords compromised during the hack. The company also cleared passwords for administrator accounts if customers were still using the default password that was given to them at the beginning. In addition, the company is in the process of re-issuing and installing new SSL certificates for those affected.

The incident has already been reported to law enforcement agencies, and third-party cybercriminals have joined the investigation of the incident.

Let me remind you that this is not the first time that GoDaddy resources have been compromised. For example, in 2019, hackers placed more than 15,000 malicious subdomains in the company’s infrastructure, which redirected visitors to sites that advertised dietary supplements to improve brain function, diet pills, CBD oils, and so on.

Let me remind you that we also wrote that Cybercriminals are hijacking GoDaddy’s cryptocurrency domains, and also that GoDaddy closed 15,000 subdomains that used spammers.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove Kurlibat.xyz pop-up ads (Virus Removal Guide)

Kurlibat.xyz is a site that tries to trick you into clik to its browser notifications…

7 hours ago

Remove Initiateintenselyrenewedthe-file.top pop-up ads (Virus Removal Guide)

Initiateintenselyrenewedthe-file.top is a domain that tries to trick you into clik to its browser notifications…

7 hours ago

Remove Wotigorn.xyz pop-up ads (Virus Removal Guide)

Wotigorn.xyz is a site that tries to force you into subscribing to its browser notifications…

7 hours ago

Remove Initiateintenselyprogressivethe-file.top pop-up ads (Virus Removal Guide)

Initiateintenselyprogressivethe-file.top is a domain that tries to force you into clik to its browser notifications…

7 hours ago

Remove Nuesobatoxylors.co.in pop-up ads (Virus Removal Guide)

Nuesobatoxylors.co.in is a domain that tries to trick you into subscribing to its browser notifications…

11 hours ago

Remove Helistym.xyz pop-up ads (Virus Removal Guide)

Helistym.xyz is a site that tries to force you into clik to its browser notifications…

11 hours ago