GoDaddy, among the largest domain registrars in the world, reported that the data of 1.2 million of its WordPress customers was exposed after an unauthorized third party used a compromised password to gain access to the information.

GoDaddy discovered the intrusion into the Managed WordPress hosting environment on November 17th. This environment is essentially a hosting service for building and managing WordPress sites, with storage and backup space as well. However, GoDaddy's preliminary investigation found that the data exposure began on September 6th.

Also access to sFTP and database



Up to 1.2 million WordPress customers on GoDaddy have had their email addresses and customer numbers exposed, along with the Admin password and the sFTP and database usernames and passwords. For some customers even the Secure Sockets Layer (SSL) key was exposed; SSL is the security protocol that encrypts data transmitted over the web.

As a first countermeasure, GoDaddy has revoked the compromised password, reset the Admin credentials of customers where these were still in use, reset the sFTP and database passwords, and, where SSL keys were exposed, is issuing and installing new certificates.

GoDaddy is directly contacting customers whose data was exposed, and has also pointed to its support page, also available in Italian and with a toll-free number, for those who need information.

More than phishing, watch out for possible malware installed on sites



The danger GoDaddy pointed out about the exposure was limited to phishing through the e-mail addresses collected by the unauthorized third party.

However, if the intrusion gave access to sFTP and databases from September 6 to November 17, the biggest risk could be the presence of malware loaded by the attacker on the affected sites, which could remain active and manageable even after the password change, as well as the ability to look into the databases holding the user accounts of each affected WordPress site.
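A site owner can triage for leftover files of the kind described above by listing server-side code that changed between September 6 and November 17, plus any code sitting in the uploads directory. This is an added example, not code from GoDaddy or from the original article; the function names are hypothetical, and the year is a parameter because the article does not state one (the demo uses a constructed year and a constructed file tree).

```python
import os
import tempfile
from datetime import datetime, timezone

EXEC_EXT = {".php", ".phtml", ".phar"}  # extensions a web server may execute

def exposure_window(year):
    # Dates are from the article; the year is not stated there, so the caller supplies it.
    return (datetime(year, 9, 6, tzinfo=timezone.utc),
            datetime(year, 11, 17, 23, 59, 59, tzinfo=timezone.utc))

def review_candidates(site_root, start, end):
    """Return sorted (relative_path, reason) pairs for files to review by hand."""
    lo, hi = start.timestamp(), end.timestamp()
    found = []
    for dirpath, _dirs, names in os.walk(site_root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, site_root).replace(os.sep, "/")
            runs_code = os.path.splitext(name)[1].lower() in EXEC_EXT or name == ".htaccess"
            if not runs_code:
                continue
            if rel.startswith("wp-content/uploads/"):
                # Uploads should hold media only; server-side code there is suspect at any date.
                found.append((rel, "code in uploads directory"))
            elif lo <= os.lstat(full).st_mtime <= hi:
                found.append((rel, "modified during exposure window"))
    return sorted(found)

def demo(year=2021):  # constructed year and constructed file tree
    start, end = exposure_window(year)
    before = datetime(year, 8, 1, tzinfo=timezone.utc).timestamp()
    inside = datetime(year, 10, 10, tzinfo=timezone.utc).timestamp()
    tree = {"wp-config.php": inside, "index.php": before,
            "wp-content/uploads/logo.png": inside,
            "wp-content/uploads/cache.php": before,
            "wp-content/plugins/seo/helper.php": inside}
    with tempfile.TemporaryDirectory() as root:
        for rel, mtime in tree.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
            os.utime(path, (mtime, mtime))
        return review_candidates(root, start, end)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason}: {rel}")
```

Modification times can be reset by whoever had sFTP access, so an empty result does not clear a site; the list is a starting point for manual review and comparison against known-good copies.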