Hackers have, since September, accessed usernames, passwords, email addresses and SSL private keys for GoDaddy customers by compromising their Managed WordPress hosting environment.
The US-based Internet domain registrar and web hosting company said an unauthorised third party accessed GoDaddy’s provisioning system in its legacy code base for Managed WordPress using a compromised password.
The adversary began exploiting the vulnerability on September 6, and GoDaddy discovered the unauthorised access on November 17, according to the company.
“We are sincerely sorry for this incident and the concern it causes for our customers,” GoDaddy chief information security officer Demetrius Comes said in a statement. “We, GoDaddy leadership and employees, take our…