GoDaddy Breach Led to 1.2M WP Customers Affected – Here’s What to Do!

GoDaddy Data Breach Affects 1.2 Million Managed WordPress Accounts

The web hosting company GoDaddy announced that it suffered a major data breach, compromising customer numbers and email addresses of more than 1.2 million managed WordPress users.

According to GoDaddy’s Chief Information Security Officer (CISO), the company discovered unauthorized access to its Managed WordPress Hosting System on November 17, 2021. After immediate investigation, GoDaddy’s IT forensics team found that the attackers gained entry using a compromised password.

The breach likely began on September 6, 2021, giving attackers more than six weeks of access before detection.

How GoDaddy Responded to the Breach

Once the intrusion was identified, GoDaddy blocked the unauthorized third-party access and informed law enforcement agencies. The company also reached out directly to affected customers to explain the situation and guide them on next steps.

In a public statement, GoDaddy executives apologized for the incident:

“We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”

The statement emphasizes GoDaddy’s intent to enhance its security infrastructure and prevent similar breaches in the future.

Extent of the Attack and Possible Consequences

Although GoDaddy regained system control and reset the SFTP and database passwords for affected users, the attackers had over a month of access. During this period, they may have uploaded malware or created malicious admin accounts. These actions could allow continued access to compromised sites even after credentials were changed.

Moreover, the attackers gained access to sensitive Personally Identifiable Information (PII) stored in customer databases. With such information, hackers could potentially manipulate or re-enter systems in the future.

What Should GoDaddy Managed WordPress Users Do?

GoDaddy is contacting affected users directly. If you host your WordPress site through GoDaddy and have not received a notification yet, it is important to take immediate precautionary steps.

Follow these five essential actions to secure your website:

• Step 1: If you manage an e-commerce site or store customer data, inform your users about the breach promptly. Transparency builds trust and allows customers to take their own precautions.
• Step 2: Change all your WordPress passwords immediately. Force password resets for your users and customers as well. Avoid reusing passwords across multiple platforms.
• Step 3: Enable two-factor authentication (2FA) for extra protection. Plugins such as Wordfence offer this feature for free and are easy to set up.
• Step 4: Scan your entire website using a reliable **security scanner** to detect and remove malware or unauthorized files.
• Step 5: Check your site’s file system, including wp-content/plugins and wp-content/mu-plugins. Ensure all plugins are legitimate and updated regularly.

These steps will help reduce the potential impact and prevent future exploitation.

Conclusion

The GoDaddy data breach highlights the growing importance of website security for hosting providers and businesses alike. The effects extend beyond GoDaddy’s managed WordPress users, impacting countless customer websites and their visitors.

While GoDaddy has begun recovery measures, website owners should stay proactive. By changing passwords, enabling multi-factor authentication, and performing regular security scans, users can protect their data and reduce future risks.

Staying vigilant and adopting strong cybersecurity practices remains the best defense against evolving online threats.

Credit: Wordfence