According to the securities and exchange commission, GoDaddy has been hacked, which is a popular web registrar and hosting company. The company asserts that they discovered a third party has gained access to its managed WordPress hosting environment completely. This incident observers on 22 November 2021.
ALmost 1.2 million users observe their email addresses and customer numbers exposed with admin passwords for both the WordPress websites hosted on their platform and passwords of SSL private keys, databases, and FTPs.
According to the GoDaddy resources, they believe that the first breach happened on September 6th, 2021 and they are still investigating it.
The Chief Information Security officer said that GoDaddy is now working with a private IT forensics and law firm. Additionally, they also assert that it has now reset the relevant credentials and also offer the users new SSL certificates.
Moreover, they stated that the company will learn from this incident and will take some serious and important steps to protect against such breaches and attacks in the future. That is the first time till now that GoDaddy has told about a security breach. In the year 2018 on GoDaddy servers data was exposed due to an AWS error.
In 2012 more than 28,00 users accounts were also breached by an unknown person. At the end of the previous year, GoDaddy was also declared as part of a hack that took down different sites of cryptocurrencies space.
The information mentioned below has been stolen by the hackers.
- 1.2 million email addresses and customer numbers of active and inactive Managed WordPress customers.
- Original Admin password of WordPress set at the time of provisioning has also been exposed.
- sFTP database passwords with usernames along with it,s active customers and SSL Private keys of active customers.