GoDaddy encounters a WordPress user data leak error
Web hosting giant GoDaddy has reported a data breach to the US Treasury and warned that the data of 1.2 million customers may have been accessed.
In a filing with the US Securities and Exchange Commission, Demetrius Comes, GoDaddy's chief information security officer, said the company found unauthorized access to the system it uses to host and manage customers' WordPress servers.
WordPress is a web-based content management system used by millions of people to create blogs or websites. GoDaddy allows customers to host their own WordPress installations on its servers.
The company has more than 20 million customers around the world, and the company reported that unauthorized persons were released on January 3.
He added that the company discovered the hack last week, on November 17. It is not clear whether the leaked passwords are protected with two-factor authentication.
The filing states that the incident affects 1.2 million active and inactive WordPress hosting users. Their email addresses and customer numbers have been leaked. The company said such exposure could put users at increased risk of phishing attacks.
The web host also said that the original WordPress admin password generated during the initial WordPress installation was exposed. This password can be used to access the customer's WordPress server.
The company said that data from active customers with FTP accounts used for file transfers was exposed in the breach, as were the username and password for the WordPress database used to store all user content.
In some cases, the private key for the customer's SSL certificate was exposed. If misused, this private key enables an attacker to impersonate the customer's website or service.
Over 1 million GoDaddy accounts exposed
GoDaddy has indicated that the affected customers' WordPress passwords and private keys will be reset. It also said that it will replace the SSL certificates.
This is reportedly not the first time that GoDaddy has been hacked in recent years. An AWS bug in 2018 exposed data on GoDaddy servers.
In 2020, 28,000 user accounts were accessed by unauthorized people. Last year, GoDaddy was cited in a hacker attack that destroyed several websites in the cryptocurrency space.