News, Reviews & Betas which includes large community peer support GoDaddy has told the SEC that its systems have been compromised since September 6. It noticed the breach on November 17 and is now working to change exposed passwords and other affected data.<\/b>
\nInternet domain registrar and web hosting company, GoDaddy, has told the SEC that, last Wednesday, it noticed that its Managed WordPress hosting environment had been breached with the attacker using a compromised password to gain access. According to the filing, the unauthorised third-party has had access to a provisioning system in the legacy code base for Managed WordPress since September 6 and that user data was compromised. GoDaddy revealed that the vulnerability gave access to a variety of customer information including 1.2 million active and inactive Managed WordPress customers\u2019 email addresses and customer numbers, some WordPress Admin passwords, sFTP and database usernames and passwords, as well as SSL private keys for a subset of users. To help secure users\u2019 data, the firm has reset the affected WordPress Admin passwords, it has reset sFTP and database passwords, and it\u2019s in the process of issuing and installing new certificates for customers affected by the SSL private keys breach. If you were personally affected by this breach, GoDaddy will be contacting you with specific details. Commenting on the breach, Demetrius Comes, Chief Information Security Officer at GoDaddy, said: To help in its ongoing investigation, GoDaddy is working with an IT forensics firm as well as law enforcement; hopefully, it will be able to find whoever was behind the breach.<\/p>\n