GoDaddy Email And Password Data Have Been Breached, 1.2 Million Customers Threatened

The hackers throw a tantrum again, this time it's Godaddy's turn to be hacked. (photo credit: pixabay)

JAKARTA - Web hosting company GoDaddy Inc said on Monday November 22 that the email addresses of 1.2 million active and inactive Managed WordPress subscribers had been exposed to unauthorized third-party access.

The company said the incident was discovered on November 17 and a third party accessed the system using a compromised password.

The company said the hacking began on September 6 and, over the past three months, attackers gained access to valuable customer information.

"We identified suspicious activity in our Managed WordPress hosting environment and immediately started an investigation with the help of an IT forensics firm and contacted law enforcement," Chief Information Security Officer Demetrius Comes said in a statement.

The raw details of the violation include:

The email addresses of 1.2 million active and inactive Managed WordPress subscribers and exposed subscriber numbers. Exposure of an email address presents the risk of a phishing attack.

The original WordPress Admin password set at the time of provisioning is revealed. If the credentials are still in use, GoDaddy will reset the password.

For active subscribers, the sFTP and database usernames and passwords are exposed. GoDaddy says they can reset both passwords.

For a subset of active customers, the SSL private key is exposed. GoDaddy says it is in the process of issuing and installing a new certificate for the customer.

The company, whose shares were down about 1.6% in early trading, said it had blocked the unauthorized third party, and that the investigation was ongoing.