GoDaddy discloses a data breach that impacted up to 1.2 million of its customers, threat actors breached the company’s Managed WordPress hosting environment.
Threat actors compromised the company network since at least September 6, 2021, but the security breach was only discovered by the company on November 17.
“On November 17, 2021, we discovered unauthorized third-party access to our Managed WordPress hosting environment.” said Demetrius Comes, GoDaddy’s Chief Information Security Officer. “We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement. Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress.”
The intruders used a compromised password to access the provisioning system in the company’s legacy code base for Managed WordPress.
