GoDaddy announced on Monday a security breach that could affect up to 1.2 million customers, exposing their e-mail addresses and customer numbers.
The exposure of email addresses presents a risk of phishing attacks, a scheme in which a hacker sends a target an e-mail and tricks them into sending over sensitive information by clicking a link that deploys malicious software.
The breach was discovered last week on Nov. 17 when GoDaddy found an unauthorized third-party was accessing their Managed WordPress hosting environment. WordPress is a free and open-source content management system that allows users to create a website easily.
They identified suspicious activity in their Managed WordPress hosting environment and immediately began an investigation and contacted law enforcement. Using a compromised password, the unauthorized third party was able to access their code since Sep. 6.
Information such as WordPress Admin passwords, database usernames and passwords, SSL private keys and more were exposed. All exposed passwords were reset by GoDaddy
Robinhood breach: After 7 million impacted in Robinhood data breach, experts offer some tips for amateur investors.
“Our investigation is ongoing and we are contacting all impacted customers directly with specific details,” says Demetrius Comes, chief information security officer of GoDaddy. “We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”
A few weeks ago, Robinhood said that it suffered a security breach where hackers accessed some personal information for a total of 7 million Robinhood customers and demanded a ransom payment, according to The Associated Press.
In August, a T-Mobile data breach reportedly affected 100 million of its wireless customers.
Michelle Shen is a Money & Tech Digital Reporter for USA TODAY. You can reach her @michelle_shen10 on Twitter.