Internet infrastructure company GoDaddy has announced that hackers have accessed the personal information of more than 1.2 million customers using its WordPress hosting service.
On November 17, 2021, unauthorized access from a third party was discovered in our managed WordPress hosting environment.
After confirming suspicious activity in our managed WordPress hosting environment, we immediately began an investigation with the help of an IT forensics firm and contacted law enforcement. An unauthorized third party used a compromised password to gain access to our legacy code-based provisioning system for Managed WordPress.
GoDaddy said it discovered the breach on November 17, 2021, after noticing “suspicious activity” in its managed WordPress hosting environment.
Subsequent investigation revealed that hackers had been accessing the company’s servers for at least two months starting on September 6.
Based on the evidence gathered so far, GoDaddy says the hackers accessed the following information:
- Email addresses and customer numbers of up to 1.2 million active and inactive Managed WordPress customers exposed
- Original WordPress admin passwords issued to customers by GoDaddy at site creation
- For active customers, SFTP and database usernames and passwords were exposed
- For a subset of active customers, SSL private keys were exposed
GoDaddy has stated that it has already reset the SFTP and database passwords exposed in this hack. It has also reset the password for the admin account for those users who are still using the default password issued when the site was created.
The company says it is still in the process of issuing and installing new SSL certificates for affected users, which is a bit more complicated than resetting passwords.
GoDaddy said it has notified law enforcement and is working with an IT forensics firm to further investigate the incident.
“We sincerely apologize for this incident and the concern it has caused our customers,” said Demetrius Comes, chief information security officer at GoDaddy.
This is the company’s second breach in the past two years, after hackers gained access to some customers’ SSH accounts in early 2020, according to a report filed with state authorities in May 2020.