GoDaddy Inc claimed that up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed in a major data breach. GoDaddy Inc, an internet domain registrar and web hosting company, in a statement released on Monday evening, claimed that on November 17, 2021, the company discovered unauthorized third-party access to the Managed WordPress hosting environment. It added that exposure was a result of phishing attack.
“For active customers, sFTP and database usernames and passwords were exposed. We reset both passwords. For a subset of active customers, the SSL private key was exposed. We are in the process of issuing and installing new certificates for those customers,” said the domain registrar giant.
The statement further added that while the company’s investigation is ongoing and they are contacting all impacted customers directly with specific details.