GoDaddy Inc, a web hosting company, said that email addresses of up to 1.2 million active and inactive Managed WordPress customers were exposed to unauthorized third-party access. In a statement, the company said that the incident was unearthed on November 17 and that third-party accessed the system database using a password that was compromised.

As for WordPress, it is a web-based content management system. It is used worldwide to set up blogs or websites. With the help of GoDaddy, customers host their own WordPress installs on their servers.

“We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement,” Chief Information Security Officer Demetrius Comes said in a filing.

In early trading, the company’s shares fell about 1.6%, saying that it immediately blocked the unauthorised third party. An investigation was still on.

In a statement, the company said that this exposure could put users at greater risks of phishing attacks. GoDaddy also said that the original WordPress admin password that was created when WordPress was first installed was also exposed. The admin password is used to access a customer’s WordPress server.

The web hosting company said that active customers had their sFTP credentials (for file transfers), and the usernames and passwords for their WordPress databases were exposed in the breach.

In some cases, the customer’s SSL (HTTPS) private key was also exposed. If it gets in the wrong hands, an attacker can impersonate a customer’s website or services.

Soon after the expose, the company said that it has reset customer WordPress and private keys. They also said that they are in the process of issuing new SSL certificates.

About GoDaddy

GoDaddy Inc. is an American publicly traded Internet domain registrar and web hosting company, with its headquarter in Tempe, Arizona. As of June 2020, the web host company has more than 20 million customers and 7,000 employees worldwide.