On November 22nd, GoDaddy, a leading provider of web registration and hosting services, just disclosed a hacking incident to the U.S. Securities and Exchange Commission (SEC), discovering that an "unauthorized third party" had gained access to its WordPress hosting environment. The incident resulted in the compromise of the email addresses and customer numbers of up to 1.2 million users, administrator passwords for two WordPress sites hosted on the platform, and passwords for sFTP, database and SSL private keys.
SEC BULLETIN: Demetrius Comes, GoDaddy's chief information security officer, said the company is currently working with law enforcement agencies and a private IT forensics firm to conduct an in-depth investigation.
In the meantime, GoDaddy has reset the relevant credentials and will issue new SSL certificates to customers. Ultimately, the company will learn from this incident and take corrective measures to avoid similar incidents in the future.
Original article by Chief Security Officer, if reproduced, please credit https://www.cncso.com/en/godaddy-1-2-million-data-breach.html
