GoDaddy, the web-hosting giant, has disclosed it has suffered from a data breach.
The attackers have gained access to the following information:
- Up to 1.2 million active and inactive Managed WordPress customers had their email addresses and customer numbers exposed. The exposure of email addresses presents a risk of phishing attacks.
- The original WordPress Admin password that was set at the time of provisioning was exposed.
- For active customers, sFTP and database usernames and passwords were exposed.
- For a subset of active customers, the SSL private key was exposed.
GoDaddy has done the following:
- Reset passwords of WordPress Admin users
- Reset passwords for active customers of both sFTP and database
- In the process of issuing and installing new certificates for customers that their SSL private key was exposed
The exposure of email addresses presents a high risk of phishing attacks.
Therefore, CYREBRO recommends raising awareness among employees regarding the potential risk.
References: GoDaddy Advisory