GoDaddy said on email addresses of up to 1.2 million active and inactive Managed WordPress customers had been expose in an unauthorised third-party access. GoDaddy said the incident was discovere on 17th November 2021 and the third-party access the system using a compromise password.
The GoDaddy, whose shares fell about 1.6% in early trading, said it had immediately block the unauthorise third party, and an investigation was still going on.
GoDaddy Said in the filing :
Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents risk of phishing attacks.
The original WordPress Admin password that was set at the time of provisioning was expose. If those credentials were still in use, we reset those passwords.
For active customers, sFTP and database usernames and passwords were expose. We reset both passwords.
For a subset of active customers, the SSL private key was expose. We are in the process of issuing and installing new certificates for those customers.
Demetrius Comes Chief Information Security Officer