Domain registrar and hoster GoDaddy reported a hack and data breach. The incident affected the data of 1.2 million of the company’s customers, as hackers gained access to the WordPress hosting environment.
GoDaddy announced what happened in documents filed this week with the US Securities and Exchange Commission. The company discovered the hack last week on November 17 following “suspicious activity” in a managed WordPress hosting environment.
The investigation found that unknown hackers maintained access to GoDaddy’s servers for over two months and infiltrated the company’s network as early as September 6, 2021. It is reported that attackers had access to the following data:
- information about 1.2 million active and inactive managed hosting customers for WordPress, including email addresses and customer numbers;
- the original WordPress admin password that GoDaddy gives to customers when they create a site;
- usernames and passwords from the database and sFTP for active clients;
- SSL private keys for some clients.
GoDaddy representatives say they are already resetting sFTP and database passwords that were compromised during the hack. The company also reset passwords for administrator accounts if customers were still using the default password given to them at the very beginning. In addition, the company is in the process of reissuing and installing new SSL certificates for those affected.
The incident has already been reported to law enforcement agencies, and third-party cybercriminalists have joined the investigation of the incident.
Let me remind you that this is not the first time that GoDaddy resources have been compromised. For example, in 2019 hackers posted the company’s infrastructure has more than 15,000 malicious subdomains that redirected visitors to sites that advertised dietary supplements to improve brain function, diet pills, CBD oils, and so on.
Source: xaker.ru