GoDaddy hacked

GoDaddy informed US Securities and Exchange Control (SEC) that it detected a security breach to its Managed WordPress hosting environment on Nov. 17, 2021, but the hackers may have been active since Sept. 6, 2021, if not earlier than that.

The breach exposed:

• Up to 1.2 million active and inactive Managed WordPress customers’ email address and customer numbers.
• Original WordPress Admin password, set at time of provisioning.
• sFTP and database usernames/passwords for active customers.
• SSL private key for a small amount of active customers.

GoDaddy has reset the original WordPress Admin passwords and the sFTP passwords for active users.

Read more and watch out for new email phishing attacks if you use GoDaddy...