GoDaddy is one of the world’s largest and most popular web hosts, with over 20 million customers. Unfortunately, the GoDaddy appears to have hacked, exposing data on an estimated 1.2 million consumers.
In an SEC filing, GoDaddy revealed that unauthorized access had detected to its systems hosting and managing customers’ WordPress servers. The burglar hacked and accessed the system of GoDaddy on September 6, 2021, but has only found last week.
It appears that GoDaddy stored sFTP credentials in plaintext or a format that could reversed into plaintext, allowing the attacker to bypass the password cracking process. The attacker would have access to user email addresses, phone numbers, and the original WordPress Admin password. Which users should have changed after setting up their WordPress site.
Even if you haven’t affected, you should review your security settings and consider adding two-factor authentication to your account.