On November 22, GoDaddy, a well-known online registration and hosting service provider, just disclosed to the U.S. Securities and Exchange Commission (SEC)hackerThe breach revealed that an "unauthorized third party" had gained access to its WordPress hosting environment. The incident resulted in the leak of information such as the email addresses and customer numbers of up to 1.2 million users, administrator passwords for two WordPress sites hosted on the platform, and passwords for sFTP, databases, and SSL private keys.
SEC Announcements: GoDaddy chief information security officerDemetrius Comes said the company is currently working with law enforcement agencies and a private IT forensics company to conduct an in-depth investigation.
In the meantime, GoDaddy has reset the relevant credentials and will issue new SSL certificates to customers. Ultimately, the company will learn from this incident and take corrective measures to avoid similar incidents in the future.
Original article by Chief Security Officer, if reproduced, please credit https://cncso.com/en/godaddy-1-2-million-data-breach-html