Adding a new incident to those that have occurred in recent years, GoDaddy has just revealed that it recently discovered a gap in your managed WordPress hosting environment, as well as the fact of an access by an «unauthorized third party», which would have obtained access to data for up to 1.2 million users.
And it is undoubtedly an important violation, since some sensitive data such as email addresses, customer numbers, as well as WordPress administrator passwords, passwords for sFTP, databases, would have been exposed and compromised and SSL private keys.
In addition, although this fact was not officially revealed until yesterday to the Securities and Exchange Commission, in reality the violation was discovered on November 17, the incident itself going back even further, having dated the first access of an unauthorized person on September 6.
For his part, Demetrius Comes, GoDaddy’s chief information security officer, shared that the investigation of what happened is still ongoing and that the company is currently working jointly with law enforcement and a private IT forensic firm, ensuring that “They will learn from this incident” and they will take steps to prevent such an infringement from occurring in the future.
Additionally, GoDaddy ensures that they have reset the relevant credentials and will work with users to issue new SSL certificates. Thus, customers will be able to contact the company directly through its online help center to find out if they have been affected by indecency, and if so, what steps to take now.
