Another massive data breach has occurred and this time it affects GoDaddy customers. A total of 1.2 million accounts were affected by the attack, leaving many people concerned about the security of their website’s private information.
GoDaddy has reported the breach to the Securities and Exchange Commission. The company explained that it has detected unauthorized access to the systems on which it hosts and manages WordPress servers. Since WordPress is such a popular tool for creating and managing websites, this can be a serious attack.
As for the hackers, active customers had their sFTP credentials stolen. This is used for file transfers. In addition, usernames and passwords for WordPress databases have decreased. That means the attackers can have full access to the content of a website. Some users had their SSL (HTTPS) private keys exposed, allowing the malicious attacker to impersonate a website.
GoDaddy has reset WordPress passwords and private keys, so it has already taken the necessary steps to ensure that the attacker can’t misuse anything with the obtained passwords. The company is in the process of generating new SSL certificates for customers.
The person used a compromised password to get into GoDaddy’s systems around September 6, 2021. The company said it discovered the breach on November 17, 2021. It filed with the SEC on November 22, 2021. That’s a good response time from GoDaddy, as it usually takes a while for the company to know exactly what happened before registering something.
If you used GoDaddy to host your WordPress website, you should monitor your content and change all of your passwords to make sure everything is secure.