GoDaddy detected unauthorized access to its systems where it hosts and manages its customers’ WordPress servers.
The Scottsdale, Arizona-based web registrar and hosting firm GoDaddy has disclosed that it suffered a data breach in which the personal details plus login of up to 1.2 million active and inactive customers were accessed by an “unauthorized third party.”
The world’s leading domain name registering platform, GoDaddy, boasts of more than 20 million customers, which makes cyberattack on this organization a high-profile feat.
1.2 million WordPress sites at risk
In a letter to the Securities and Exchange Commission (“SEC”) on November 22nd, the company revealed that it discovered unauthorized third-party access to its active and inactive Managed WordPress hosting environment on November 17th.
After a detailed analysis, it identified that the breach allowed the unauthorized third party to access the following information:
SSL private key Email addresses WordPress Admin password sFTP and database usernames and passwords.
Although it is unclear whether the stolen passwords were in plain-text format or in a format that can be easily cracked into plain-text, the company has already reset the passwords. Those who are yet to change their passwords are being urged to do