GoDaddy web-hosting service HACKED, 1.2M customers at risk

GoDaddy wants to express its sincere regret.

The web-hosting service said on Monday that it had been hacked and that user data had been stolen. According to a statement filed with the SEC whomever gained access to GoDaddy’s Managed WordPress hosting system done so in September, but the firm discovered something was wrong last Wednesday.

Users’ email addresses and customer numbers, as well as admin passwords for both WordPress sites hosted on the platform, as well as credentials for sFTPs, databases, and SSL private keys, were all exposed.

“We are deeply sorry for this occurrence and the concern it has caused our clients,” the firm said in a statement. “At GoDaddy, we take our obligation to protect our clients’ data very seriously, and we never want to let them down.”

GoDaddy is working with an IT security firms to investigate the incident, and law enforcement is also engaged. Passwords for WordPress accounts and database access have already been reset, and impacted customers have received new SSL certificates.

This is far from the first time in recent years that GoDaddy has been mentioned in the same breath as a security incident. An AWS issue exposed data on GoDaddy servers in 2018, and an unauthorized individual breached 28,000 user accounts in 2020.