GoDaddy says a third party was able to obtain email addresses from 1.2 million customers. In some cases, passwords were also included.
This concerns 1.2 million active and inactive managed WordPress customers. GoDaddy claims that a third party was able to get into the system with a compromised password. In the meantime, the company has closed that access.
The email address of those customers has been leaked as a result, but the original admin password of their WordPress environment has also been leaked. Therefore, those who never changed this run more risk, although those accounts have now been reset for a new password. In some cases, the SSL private key has also been leaked.
GoDaddy disclosed the issue on Nov. 22 in a report to the SEC. That too gets some criticism because many customers discovered the problem through that message (because it was picked up in the media). In the meantime, the same message is also on the company’s site, but only if you specifically search for news about the company.