1.2M GoDaddy Customers’ Data Exposed
Note: We may earn a commission from products or services when you click on a link and make a purchase.
GoDaddy announced that the company has suffered a data breach. The GoDaddy data breach was reported in a filing with the US Securities and Exchange Commission (SEC). The cyberattack began on September 6th and targeted managed WordPress servers.
Cybercriminals compromised GoDaddy’s systems the first week of September. However, the data breach was not discovered until November 17th.
The attackers used a compromised password and gain access to GoDaddy’s servers. Credentials belonging to both active and inactive manage WordPress customers were exposed.
“The exposure of email addresses presents risk of phishing attacks,” says the SEC filing by GoDaddy. Customers impacted by the GoDaddy data breach will be being contacted with details.
For 1.2 million inactive and active GoDaddy customers, email addresses, customer numbers were compromised. In addition, original WordPress admin user credentials generated at setup time were exposed.
Breached GoDaddy Customer Data Includes:
- sFTP Credentials
- Admin usernames
- Database usernames and passwords
- SSL (HTTPS) private key in some cases
In response to the data breach, the company has reset WordPress passwords as well as SSL private keys.