GoDaddy announced this morning that they have been breached. GoDaddy appears to have stored passwords in plaintext, or in a format that could be reversed back into plaintext, which is not an industry best practice.
According to GoDaddy's own SEC filing: "For active customers, sFTP and database usernames and passwords were exposed."
The attacker had access to GoDaddy's systems for over two months before they were discovered.
Click link below for a detailed post explaining how customers are affected, and what to do. Please pay special attention to our comments regarding your own customer notification obligations, if your site(s) are affected by this.