Last week, GoDaddy revealed that hackers recently gained access to the email addresses and passwords of nearly 1.2 million inactive and active Managed WordPress users.
About the hack
According to a recent announcement, on November 17, 2021, an unauthorized third party was able to access private user information from GoDaddy’s Managed WordPress hosting site. A compromised password was exploited in order to “enter the provisioning system in [GoDaddy’s] legacy code base for Managed WordPress.” In addition to obtaining passwords and email addresses, hackers were also able to access phone numbers, as well as the private SSL keys of some active customers. GoDaddy is currently investigating the incident, and is making plans to further secure customers’ data. In a recent statement, the company’s chief information security officer, Demetrius Comes, stated:
“We are sincerely sorry for this incident and the concern it causes for our customers… We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”
What to do if you were affected
If you’re one of the many GoDaddy customers whose information was exposed, fear not: GoDaddy will reach out to you directly (if they haven’t already done so). It has also reset all passwords linked to the compromised accounts, and is working to issue and install new certificates for those with compromised SSL keys. However, because the hacker accessed email addresses, some users may be more susceptible to phishing attacks following the incident.