GoDaddy, a global web hosting company, has reported that approximately 1.2 million of its WordPress customers’ sensitive information has been exposed as a result of a massive data breach.
Demetrius Comes, GoDaddy’s Chief Information Security Officer (CISO), wrote on his blog that unauthorized access to the company’s managed WordPress servers had been discovered.
Comes said late on Monday, “Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents risk of phishing attacks,”
GoDaddy discovered unauthorized third-party access to the Managed WordPress hosting environment was identified on November 17th. GoDaddy explained that “We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement. Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress,”
Users have been advised by GoDaddy that this exposure puts them at greater risk of phishing attacks. The investigation is still underway, “we have determined that, beginning on September 6, 2021, the unauthorised third party used the vulnerability to gain access to the following customer information”, the company informed.
The original WordPress Admin password which was set at the time of deployment was also exposed. GoDaddy said “If those credentials were still in use, we reset those passwords. For active customers, sFTP and database usernames and passwords were exposed. We reset both passwords,”
Comes said “We are sincerely sorry for this incident and the concern it causes for our customers.”
He added “We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection,”