GoDaddy Wordpress breach exposes everything

I thought that as a noteworthy server compromise this would be a more appropriate place for this thread than General, subject to forum mod's discretion.

This article from TechRepublic has most of the noteworthy details.

Quote:

GoDaddy has been on the receiving end of a security breach that has affected the accounts of more than 1 million of its WordPress customers. In a Monday filing with the Securities and Exchange Commission, Chief Information Security Officer Demetrius Comes said that on Nov. 17, 2021, the hosting company discovered unauthorizing access by a third party to its Managed WordPress hosting environment. After contacting law enforcement officials and investigating the incident with an IT forensics firm, GoDaddy found that the third party used a compromised password to access the provisioning system in its legacy code base for Managed WordPress. The breach led to a number of issues that have hit customers and forced the company to react. * First, the email addresses and customer numbers were exposed for 1.2 million active and inactive Managed WordPress customers. * Second, the original WordPress Admin passwords set at the time of provisioning were exposed, requiring GoDaddy to reset them. * Third, the sFTP (Secure File Transfer Protocol) and database usernames and passwords were compromised, forcing GoDaddy to reset those as well. * Fourth, the SSL private key was exposed for a certain number of active customers. After learning about the breach, Comes said that GoDaddy blocked the third party from its system. However, the attacker had already been using the compromised password since Sept. 6, giving them more than two months to do damage before they were discovered.

That looks pretty serious - and the attacker had access fo more than two months.

Is anyone here affected by this? Were you aware of it?