In a report filed with the SEC, GoDaddy confirmed that it had detected unauthorized access to the systems where it hosts and manages its customers’ WordPress servers. Apparently the intruder used a compromised password to access the system on the 6th of September, 2021, but the intrusion was only discovered last week.
It appears that this was due to GoDaddy storing sFTP credentials in plaintext, or in a format that could be reversed into plaintext, meaning that the attacker did not need to crack these passwords in order to gain access to the system. As a result of the attack, the attacker would have had access to user email addresses, numbers, and also the original WordPress Admin password, which users had hopefully changed once they had set up their WordPress site.
GoDaddy says they will be reaching out to impacted customers over the next few days, but even if you weren’t affected, it might still be a good idea to revisit your security settings and consider setting up two-factor authentication for your account.