GoDaddy Data Breach Exposes 1.2 Million Active and Inactive Managed WordPress Hosting Accounts

GoDaddy Data Breach Exposes 1.2 Million Active and Inactive Managed WordPress Hosting Accounts

Posted by WP Tavern on November 22, 2021 at 9:29 pm
kitty kitty CATegory News
In a disclosure to the U.S. Securities and Exchange Commission (SEC) that was published today, GoDaddy announced a data security breach impacting its WordPress managed hosting customers. The company discovered unauthorized third-party access to its hosting environment on November 17, 2021, through an exploited vulnerability. GoDaddy’s initial investigations show the attacker gained access using a compromised password beginning on September 6, 2021. Nearly every sensitive data point associated with hosting a WordPress website was compromised, including customer email addresses, admin passwords, sFTP and database credentials, and SSL private keys. GoDaddy published the following summary of data the attacker had access to for more than two months: Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents risk of phishing attacks.The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, we reset those passwords.For active customers, sFTP and database usernames and passwords were exposed. We reset both passwords.For a subset of active customers, the SSL private key was exposed. We are in the process of issuing and installing new certificates for those customers. GoDaddy has…

…Full post on WP Tavern
Read Full

Similar Posts

Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments