GoDaddy, a web hosting company, stated on Monday that an unauthorized third-party access had exposed the email addresses of up to 1.2 million current and inactive Managed WordPress customers.
The problem was detected on Sept. 6, according to the company, and the third-party accessed the system using a hacked password.
The company, whose stock dropped 1.6 percent in early trade, said it had blocked the illegal third party immediately and that an investigation was ongoing.
What GoDaddy is saying
Chief Information Security Officer Demetrius Comes said in a filing. “We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement.”
The document also stated that the required credentials had been reset and that it will work with users to provide new SSL certificates. The company expressed their regret for the event and the distress it has caused its customers.
“We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”
What you should know
This isn’t the first time GoDaddy has been exposed to a security breach. An AWS error exposed data on GoDaddy servers in 2018, and an unauthorized person compromised 28,000 user accounts in 2020. GoDaddy was also mentioned in a cyberattack that brought down a number of cryptocurrency-related websites last year.