GoDaddy Managed WordPress hosting customers suffered a data breach. Passwords have been reset but effects may still be persist Over one million GoDaddy hosting customers suffered a data breach in September 2021 that went unnoticed for two months. GoDaddy described the security event as a vulnerability. Security researchers indicate that the cause of the vulnerability was due to inadequate security that did not meet industry best practices. The statement by GoDaddy announced that they have changed passwords for the affected customers of their WordPress Managed Hosting. However simply changing passwords does not completely fix possible problems left behind by hackers, which means that up to 1.2 million GoDaddy hosting customers may remain affected by security issues.
Who is Affected And HowGoDaddy’s statement says that up to 1.2 million customers of their WordPress managed hosting environment may be affected by the security breach. According to the statement to the SEC the data breach was due to a compromised password in their provisioning system. A provisioning system is the process for setting up customers with their new hosting services, by assigning them server space, usernames and passwords. GoDaddy Customer data that was exposed:
- Email addresses
- Customer numbers
- Original WordPress administrator level passwords
- Secure FTP (SFTP) usernames and passwords
- Database usernames and passwords
- SSL private keys