On November 17th, it was discovered that the email addresses and customer numbers of 1.2 million active and inactive GoDaddy Managed WordPress customers had been exposed to a malicious actor who used a compromised password to gain access.
GoDaddy states that the malicious actor has now been blocked from their system. They are able to trace unauthorized access back to September 6th, and in addition to the exposed email addresses and customer numbers, they’ve identified the following exposed data:
- The original WordPress password that was set when provisioned. If these credentials were in use, they have been reset by GoDaddy.
- The sFTP and database usernames and passwords of active customers, both of which have been reset by GoDaddy.
- The SSL private key of a subset of active customers. GoDaddy is in the process of issuing and installing new certificates for these customers.
A risk associated with exposed email addresses is an increase in phishing attempts. For information on phishing scams and how to avoid them, please see the following article from NYU IT’s The Download: “Phishing, Spear Phishing, and Whaling.”
GoDaddy is contacting all impacted customers directly and is asking customers who have questions to contact its help center.