In large cases of data violations, Godaddy Inc. claims that up to 1.2 million WordPress customers managed actively and inactive have their email address and customer number open.

Godaddy Inc., an Internet domain registrar and web hosting company, in a statement released on Monday night, claiming that on November 17, 2021, the company found unauthorized third-party access to the managed WordPress hosting environment. Next then say that exposure is the result of phishing attacks.

The next statement rang that while the initial investigation had revealed that access was obtained using passwords that were compromised for early September 6, 2021.

GoDaddy claims that while the original WordPress admin password is set when supplying exposure, if the same credential is still used, the company has reset the password.

“For active customers, the SFTP username and database are exposed. We rearrange the two passwords. For an active subset customer, the SSL private key is exposed. We are in the process of publishing and installing new certificates for these customers,” said the giant domain registrar.

The next statement added that while the company’s investigation was ongoing and they contacted all customer affected directly with specific details.