New Delhi: Web hosting giant GoDaddy has been hit by a massive security breach due to which 1.2 million of its WordPress customers' sensitive information has been compromised, the company has revealed. According to a filing with the US Securities and Exchange Commission (SEC), the security breach that gave third-party access to GoDaddy's 'Managed WordPress hosting environment' took place last week.
According to a company blog post, GoDaddy's Chief Information Security Officer (CISO) Demetrius Comes mentioned that they discovered unauthorised access to its managed WordPress servers on November 17.
"Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents risk of phishing attacks," Comes said in a statement late on Monday.
"We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement. Using a compromised password, an unauthorised third party accessed the provisioning system in our legacy code base for Managed WordPress," the company added.
The company is investigating the breach and said it has blocked the unauthorised third party after detecting it.
Meanwhile, earlier this month, the company had signed a pact to acquire California-based payments processor Poynt in a $365 million deal which included $320 million in cash at closing and $45 million in deferred cash payments subject to certain performance and employment conditions over three years.
Integrating Poynt with GoDaddy's websites, marketing and WordPress commerce services will enable small businesses to boost sales and customer satisfaction by bridging both online and offline shopping experiences, the company had said.