Domain registrar GoDaddy has shared details of a serious security breach that saw the details of 1.2 million customers exposed.
In a disclosure to the US Securities and Exchange Commission, GoDaddy’s Chief Information Security Officer, Demetrius Comes, shared details of the hack. Suspicious activity was discovered on Nov. 17 in the company’s Managed WordPress hosting environment, which turned out to be a third-party using a compromised password to gain access.
GoDaddy is investigating the hack with the help of an IT forensics firm and law enforcement has been involved. The passwords for the WordPress accounts and database access have already been reset, and new SSL certificates are being issued to affected customers.