Hosting giant GoDaddy has reported a data breach with US financial regulators and warns that the data of 1.2 million customers may have been accessed.
In a lawsuit with the Securities and Exchange Commission, GoDaddy's chief information security officer, Demetrius Comes, said the company has detected unauthorized access to its systems where it hosts and manages its WordPress servers. customers.
see more
Alert: THIS poisonous plant landed a young man in the hospital
Google develops AI tool to help journalists in…
WordPress is a web-based content management system used by millions to create blogs or websites. GoDaddy allows customers to host their own WordPress installations on their servers.
hack attack
GoDaddy said the unauthorized person used a compromised password to gain access to GoDaddy systems around September 6th. GoDaddy said it discovered the breach last week on Nov. 17. It's unclear whether the compromised password was protected with two-factor authentication.
The lawsuit reports that the breach affects 1.2 million WordPress users, both active and inactive, who have had their email addresses and customer numbers exposed. GoDaddy said this exposure could put users at greater risk of phishing attacks. The host also said that the original WordPress admin password created when WordPress was installed for the first time, which could be used to access a client's WordPress server, was also exposed.
Data
The company said active customers had their sFTP credentials (for file transfers) and the names username and passwords of your WordPress databases, which store all user content, exposed in the violation. In some cases, the client's SSL (HTTPS) private key has been exposed, which, if abused, could allow an attacker to impersonate a client's website or services.
GoDaddy said it is resetting WordPress passwords and customers' private keys, and is in the process of replacing new SSL certificates.
The web host has over 20 million customers worldwide. A spokesperson for GoDaddy did not immediately comment.