GoDaddy has reported its fifth cyber incident since 2018, this time stating that an attacker with a compromised password stole email addresses, SSH keys, and database logins. The web-hosting giant stated that 1.2 million customers were impacted in the incident, which was reported on Monday. The breach occurred on September 6, however, unauthorized access continued for two and a half months until GoDaddy noticed the breach on November 17. The company stated that it identified suspicious activity in its Managed WordPress hosting environment and immediately launched an investigation into the situation.
The attackers were able to compromise GoDaddy’s Managed WordPress hosting environment, a service that allows companies to use WordPress content management systems in a hosted environment. This allows companies the luxury of not having to manage and update it themselves. The information exposed in the incident included emails for 1.2 million active and inactive Managed WordPress customers, sFTP database usernames and passwords for active customers, and SSL keys for a subset of active customers. GoDaddy stated that it is in the process of issuing and installing new certificates for affected customers and has required its customers to reset their passwords.