Website hosting company, GoDaddy, has announced that its managed WordPress environment has been hacked and up to 1.2 million of its customers’ accounts were exposed.
GoDaddy has logged an incident report with the SEC (US Securities and Exchange Commission) after realising they had been backed back in September.
The data that has been exposed includes customer emails and customer numbers, leaving GoDaddy users at risk this information could be used in phishing / social engineering attacks.
Getting a little more technical, sFTP and database usernames and passwords were also exposed. It also appears some GoDaddy customers had their private SSL key compromised, and GoDaddy is installing new certificates for those impacted.
What you need to do
If you are a GoDaddy customer, we recommend you change your password immediately. Get in touch if you need help or advice.
If you have one of our Care Plans, you do not need to worry as GoDaddy are not on our partners’ list and no client websites are located with them.