From WordFence: 11-22-21
GoDaddy announced this morning that they have been breached. Our team took a deep dive into the breach and found that GoDaddy appears to have stored passwords in plaintext, or in a format that could be reversed back into plaintext, which is not an industry best practice.
We confirmed this by signing into a GoDaddy Managed WordPress Hosting Account and verifying that we were able to view our own sFTP password. That means the attacker didn’t need to crack the passwords and could likely retrieve them directly.
According to GoDaddy’s own SEC filing: “For active customers, sFTP and database usernames and passwords were exposed.“
The attacker had access to GoDaddy’s systems for over two months before they were discovered.
We have published a detailed post explaining how customers are affected, and what to do. Please pay special attention to our comments regarding your own customer notification obligations, if your site(s) are affected by this.