Over a million customer accounts were compromised as a result of the GoDaddy data breach.

GoDaddy advises that compromised data could be exploited in phishing attempts.

According to a recent filing with the US Securities and Exchange Commission, GoDaddy uncovered unauthorized access to its managed WordPress hosting environment, exposing account data for as many as 1.2 million customers.

The discovery was made on November 17, 2021, according to the Internet domain registrar and web hosting provider, which promptly launched an investigation with the support of an IT forensics firm and contacted law enforcement.


The team learned that, starting on September 6, a compromised password was used to access the provisioning system in its legacy code base for managed WordPress. The attacker was able to gain access to the customer number and email address for up to 1.2 million active and inactive managed WordPress accounts. In the wrong hands, this data could put customers at greater risk of phishing attacks, GoDaddy said.

GoDaddy further noted that sFTP and database usernames and passwords for active customers were also exposed, but have since been reset. A subset of active customers also had their SSL private keys exposed. GoDaddy said it is in the process of issuing and installing new certificates for these customers.

GoDaddy has dealt with a number of issues in recent years. Back in early 2019, it was discovered that the company was injecting JavaScript into select customers’ websites without their consent. Later that same year, scammers managed to compromise hundreds of GoDaddy accounts to peddle snake oil products and more.

GoDaddy's share price is down nearly five percent on the day, trading at $67.89 as of this writing.

