Web hosting company GoDaddy Inc. said earlier this week that the email addresses of about 1.2 million active and inactive Managed WordPress customers were exposed in an unauthorized third-party access.
"We identified suspicious activity in our Managed WordPress hosting environment and immediately initiated an investigation with the help of an IT forensics firm and contacted the authorities," said Demetrius Comes, Director of Information Security.
According to the company, the incident started on September 6, 2021 and was only discovered on November 17, two months later
Security researchers indicate that the cause of the vulnerability was due to inadequate security that did not meet industry best practices.
According to GoDaddy the passwords of affected customers have been changed.
However, simply changing passwords does not completely fix the possible problems left behind by hackers.
GoDaddy assured that it immediately blocked the "unauthorized third party," and that an investigation is still ongoing.
The company saw its shares drop by about 1.6% upon the discovery of the hack.