Web hosting company GoDaddy has disclosed that up to 1.2 million active and inactive managed WordPress customers have had their email address and customer number exposed, during unauthorized third-party access, exposure email addresses at risk of phishing attacks.
In a filing, GoDaddy said on November 17, 2021 that it discovered unauthorized third-party access to its managed WordPress hosting environment. The company identified suspicious activity in its managed WordPress hosting environment and immediately initiated an investigation with the help of a computer forensics firm and contacted law enforcement. An unauthorized third party used a compromised password and gained access to the provisioning system in a legacy codebase for Managed WordPress.
An investigation is ongoing and after identifying the incident, GoDaddy immediately blocked the unauthorized third party from its system. However, the company has determined that as of September 6, 2021, the unauthorized third party used the vulnerability to gain access to the following customer information.
GoDaddy said it has contacted all affected customers directly with specific details. Demetrius Comes, chief information security officer at GoDaddy, said the company was “sincerely sorry for this incident and the concern it has caused our customers”.
“We, the management and employees of GoDaddy, take our responsibility to protect our customers’ data very seriously and never want to let it down. We will learn from this incident and are already taking steps to strengthen our system of supply with additional layers of protection,” Just said.
However, the company has not shared any plans on how to further strengthen its security and protection. In the filing, GoDaddy just said that the accounts affected by this incident had reset their passwords.
GoDaddy said it is the world’s largest service platform for businesses around the world, enabling its global community of more than 20 million customers to grow their business online. Currently, it has over 82 million domain names.
ONE GoDaddy Championship Partners