Page last updated on September 24, 2025
GoDaddy Inc. initially disclosed a cybersecurity incident in an SEC 8-K filing on 2021-11-22 09:19:11 EST.
Incident Details
Material: Unknown
Is Breach: Yes
Records Compromised: 1,200,000
Data Types Impacted: Username, Password, Other, Email
Compromised Date: Unknown
Detected Date: Unknown
Disclosure Date: 2021-11-22
Contained Date: Unknown
Recovered Date: Unknown
Attack Goal: Theft
Attack Tactics1: TA0006, TA0001
Attack Techniques1: T1078
Costs: No Costs Tracked (yet)
Filings
8-K filed on 2021-11-22
GoDaddy Inc. filed an 8-K at 2021-11-22 09:19:11 EST
Accession Number: 0001609711-21-000122
Item 7.01 Regulation FD Disclosure.
On November 22, 2021, GoDaddy Inc. published a blog post related to its detection of a data security incident. A copy of that blog post is furnished as Exhibit 99.1 to this Current Report on Form 8-K and incorporated herein in its entirety by reference. Such blog post, including any information that is incorporated herein, is being furnished and shall not be deemed "filed" for purposes of Section 18 of the Securities Exchange Act of 1934, as amended (the "Exchange Act"), or otherwise be subject to the liabilities of that section, nor shall it be deemed to be incorporated by reference in any filing under the Securities Act of 1933, as amended, or the rules and regulations of the SEC thereunder, or the Exchange Act or the rules and regulations of the SEC thereunder, except as shall be expressly set forth by specific reference in such filing or document.
Exhibit No. 99.1
Blog post of GoDaddy Inc. dated November 22, 2021
November 22, 2021 GoDaddy Announces Security Incident Affecting Managed WordPress Service On November 17, 2021, we discovered unauthorized third-party access to our Managed WordPress hosting environment. Here is the background on what happened and the steps we took, and are taking, in response: We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement. Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress. Upon identifying this incident, we immediately blocked the unauthorized third party from our system. Our investigation is ongoing, but we have determined that, beginning on September 6, 2021, the unauthorized third party used the vulnerability to gain access to the following customer information:
- Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents risk of phishing attacks.
- The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, we reset those passwords.
- For active customers, sFTP and database usernames and passwords were exposed. We reset both passwords.
- For a subset of active customers, the SSL private key was exposed. We are in the process of issuing and installing new certificates for those customers.
Our investigation is ongoing and we are contacting all impacted customers directly with specific details. Customers can also contact us via our help center (https://www.godaddy.com/help) which includes phone numbers based on country.
We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers' data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.
Demetrius Comes
Chief Information Security Officer
Company Information
| Name | GoDaddy Inc. |
| CIK | 0001609711 |
| SIC Description | Services-Computer Integrated Systems Design |
| Ticker | GDDY - NYSE |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | December 30 |