GoDaddy wants you to know that it’s really sorry.
The web-hosting service disclosed Monday that it was the victim of a hack, and that, yes, customer data was stolen. The company said in a statement filed to the SEC that whoever got access to its Managed WordPress hosting environment did so back in September, but that GoDaddy only realized something was off last Wednesday.
“We are sincerely sorry for this incident and the concern it causes for our customers,” read the statement from the company. “We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down.”
According to its SEC disclosure, first reported by Engadget, hackers got access to as many as 1.2 million current and inactive WordPress customers’ emails and customer numbers. For a subset of those, database usernames and passwords, along with SSL private keys, were also exposed.
GoDaddy claims to have over 20 million customers.
When reached for comment, the company confirmed that it is in the process of notifying affected customers via email.
“We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection,” continued GoDaddy’s statement.
Notably, stolen customer emails and customer numbers may lead to targeted phishing of GoDaddy customers — something GoDaddy itself specifically calls out in its SEC disclosure. This, of course, would be a bad look for any organization. However, for a company that used fake holiday bonuses as a phishing test on its own employees in 2020, it’s particularly awful.
