11月22日,知名网络注册与托管服务商 GoDaddy 刚刚向美国证券交易委员会(SEC)披露了一起黑客入侵事件,发现有“未经授权的第三方”获得了对其 WordPress 托管环境的访问权限。事件导致多达 120 万用户的电子邮件地址和客户编号、平台上托管的两个 WordPress 站点的管理员密码,以及 sFTP、数据库和 SSL 私钥的密码等信息被泄露。
SEC Announcements: GoDaddy chief information security officerDemetrius Comes said the company is currently working with law enforcement agencies and a private IT forensics company to conduct an in-depth investigation.
In the meantime, GoDaddy has reset the relevant credentials and will issue new SSL certificates to customers. Ultimately, the company will learn from this incident and take corrective measures to avoid similar incidents in the future.
Original article by Chief Security Officer, if reproduced, please credit https://www.cncso.com/en/godaddy-1-2-million-data-breach.html
