One of the biggest web hosting companies in the world, GoDaddy, reported a data breach of up to 1.2 million active and inactive Managed WordPress customers, who had their email addresses and customer numbers exposed.
According to the company, the incident was discovered on November 17 and the third party had accessed the system using a compromised password.
In a filing with the Securities and Exchange Commission, GoDaddy’s chief information security officer Demetrius Comes said that the company detected unauthorized access to its systems where it hosts and manages its customers’ WordPress servers. WordPress is a web-based content management system used by millions to set up blogs or websites. The company lets customers host their own WordPress installs on their servers.
GoDaddy claims to have reset its customers’ WordPress passwords and private keys and is in the process of issuing new SSL certificates.
The web host has more than 20 million customers worldwide. Dan Race, a spokesperson for GoDaddy, declined to comment citing the company’s ongoing investigation. As a result, the company’s shares fell down by 1.6% in early trading.