GoDaddy Announces 1.2 Million WordPress Websites Breached

GoDaddy, the popular web host and domain registrar, announced yesterday (Monday, November 22nd) a security breach that has affected 1.2 million users, exposing their e-mail addresses and customer numbers. Since then, the company has suffered from a 1.6% loss in share value.

The breach was discovered last week (November 17th) when GoDaddy found an unauthorized third-party was accessing their Managed WordPress. WordPress is a free and open-source content management system that allows users to create a website.

Once the suspicious activity was discovered, GoDaddy began an investigation and contacted relevant law enforcement. It was found that (using a compromised password) the unauthorized third-party had been accessing their website code since at least as far back as September 6th.

Information included: admin passwords, database usernames, email addresses, user passwords, SSL private keys and more. All exposed passwords have now been reset by GoDaddy. Says Demetrius Comes, chief information security officer of GoDaddy:

“Our investigation is ongoing, and we are contacting all impacted customers directly with specific details. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection … We are sincerely sorry for this incident and the concern it causes for our customers.”

Worryingly, this is not the first GoDaddy data leak, with breaches occurring back in 2018 and 2020 too. More recently, we have reported on both the Robinhood and Stripchat breaches in the last fortnight alone — affecting a combined 72 million users.

Protection and Prevention

With the ever-present threat of data leaks and breaches, it’s never been more important to ensure your data is protected. The cybersecurity company, Trend Micro, have recently released an app specifically designed to meet the challenges that data leaks bring.

Available on Android and iOS, ID Security scours the dark web for any mention of your data (email address, passwords, codes etc.) in the event of it being sold or maliciously shared by cybercriminals.

Follow this link or scan the QR code below to try the free 30-day trial version today!

As ever, we hope this article has been of use and/or interest to you — if so, please do SHARE with friends and family to help keep the online community secure and protected.