What just happened? GoDaddy in a new filing with the Us Securities and Exchange Committee revealed it recently discovered unauthorized admission to its managed WordPress hosting environs, resulting in the exposure of account data belonging to as many as ane.2 million customers.

The Cyberspace domain registrar and web hosting provider said the discovery was made on Nov 17, 2022, at which time they immediately began an investigation with the assist of an Information technology forensics firm, and reached out to law enforcement.

The team learned that a compromised password was used to admission the provisioning system in its legacy code base for managed WordPress starting on September 6. The attacker was able to gain admission to the customer number and email address for up to 1.2 million agile and inactive managed WordPress accounts. In the incorrect hands, it could put customers at greater risk of phishing attacks, GoDaddy said.

GoDaddy further noted that sFTP and database usernames and passwords for active customers were also exposed, just have since been reset. A subset of active customers likewise had their SSL individual key exposed. GoDaddy said it is in the process of issuing and installing new certificates for these customers.

GoDaddy has dealt with a number of problems in recent years. Back in early 2022, information technology was discovered that the company was injecting JavaScript into select customers' websites without their consent. Subsequently that aforementioned yr, scammers managed to compromise hundreds of GoDaddy accounts to pedal snake oil products and more.

Share value in GoDaddy stock is down nearly five pct on the day, trading at $67.89 every bit of this writing.