WBig data breach in GoDady hosts giant GoDady. This was reported by the company itself. The company claims that the data of 1.2 million users was leaked to the Internet and is now available to anyone.

In a filing with the Securities and Exchange Commission, Godaddy’s chief information security officer, Demetrius Kamins, said the hack was discovered on customers’ WordPress servers. Godadi says this provides an opportunity to access and control systems that host multiple sites. WordPress is a web-based content management system used by millions of people to set up blogs or websites. This is where a serious data breach was found. Godadi allows users to install their own WordPress on their servers.

Godaddy said that by September 6, an unauthorized person had used a stolen password to gain access to his systems. The breach was discovered on November 17 last week. It is not clear if the password was used with two-factor authentication.

The company claims that this security breach affects 1.2 million active and inactive WordPress admin users, and that their email addresses and customer numbers have been exposed. Godaddy said the leak could increase the risk of phishing attacks on users. They also reveal that the original WordPress admin password that can be used to access the client’s WordPress server has now been exposed.

The company claims that the FTP credentials (for file transfers), usernames and passwords for their WordPress databases that store all users’ content have been compromised. In some cases, the client’s SSL private key has been exposed, allowing an attacker to impersonate the client’s website or services if they are misused. Godadi said it was resetting client WordPress passwords and private keys and was in the process of issuing new SSL certificates.

Last updated November 24, 2021 6:41 PM IST