GoDaddy, the Tempe-based domain registrar and web hosting company, discovered a cyber intrusion in its system last week that exposed more than a million accounts, according to a filing made on Monday with the Securities and Exchange Commission.
GoDaddy said an unauthorized third party gained access to its Managed WordPress hosting environment on Sept. 6 by using a compromised password. GoDaddy found and blocked the intruders on Nov. 17 after they had been in the system for more than a month.
During that time, the intruders had access to information for up to 1.2 million active and inactive Managed WordPress customers, exposing their email addresses and customer numbers.
A number of passwords were also exposed to the intruders. GoDaddy has reset exposed passwords for users and it is in the process of installing new security certificates for other customers.