Popular web host GoDaddy has fallen victim to a data breach in which the data of 1.2 million customers has been stolen. The company made the announcement in a letter to the US Securities and Exchange Commission (SEC). The hacker has accessed their Managed WordPress hosting environment.
The hacker would have access to the company’s WordPress hosting environment from September 6. It wasn’t until November 17 that GoDaddy discovered the vulnerability and enlisted the help of IT specialists, who launched an investigation. Authorities were also notified of the leak at the time.
After the discovery, they blocked the hacker in the systems, but he had already had months to snoop around. It is still unknown who was behind the hack.
The company believes that the email addresses and customer numbers of at least 1.2 million customers of their Managed WordPress have been leaked. In addition, the hacker could also see the original passwords of these customers. Not all accounts that the hacker could access were still in use.
The accounts still in use have also leaked sFTP and database usernames and passwords. And some active users have also had their SSL private keys leaked. These are certificates that allow a website to send and receive information more securely.
GoDaddy has reset all affected passwords and will create new SSL keys for the affected parties.
GoDaddy says it wants to learn from this incident and is working on increasing the security of its systems. The company is still investigating the leak. Customers with questions can contact the help centre on their website.
For customers whose e-mail address has been leaked, it is good to be extra vigilant in the coming period. For example, hackers could use the information to set up phishing attacks. So be extra careful with strange emails and never just click on a link.
Catch up on more articles here
Follow us on Twitter here