GoDaddy reveals data breach of nearly 1.2 million WordPress customers

GoDaddy has warned users that this exposure can put users at greater risk of phishing attacks, adding that the probe is ongoing

e4m by exchange4media Staff
Updated: Nov 24, 2021 7:11 PM
GoDaddy

Global web hosting website GoDaddy has revealed that there has been a massive data breach with sensitive information of nearly 1.2 million WordPress customers getting compromised. The company informed that it has discovered unauthorised access to its managed WordPress servers on November 17. 

"Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents a risk of phishing attacks," GoDaddy Chief Information Security Officer (CISO) Demetrius Comes said in a blog post.

"We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement. Using a compromised password, an unauthorised third party accessed the provisioning system in our legacy code base for Managed WordPress," he added.

GoDaddy has warned users that this exposure can put users at greater risk of phishing attacks. It added that the investigation is ongoing, but "we have determined that beginning on September 6, 2021, the unauthorised third party used the vulnerability to gain access to the following customer information".

The original WordPress Admin password that was set at the time of provisioning was also exposed. "If those credentials were still in use, we reset those passwords. For active customers, sFTP and database usernames and passwords were exposed. We reset both passwords," said GoDaddy.

Read more news about (internet advertising India, internet advertising, advertising India, digital advertising India, media advertising India)

For more updates, be socially connected with us on
Instagram, LinkedIn, Twitter, Facebook & Youtube