GoDaddy (a domain registrar and web hosting company) has been breached by hackers.
Possible information stolen includes customer & employee login credentials – so anybody with GoDaddy (domains or hosting, etc) should change their passwords on all GoDaddy logins (and if they re-used the password elsewhere, change that too).
We’re not sure what other data may have been stolen.
Of note, attackers were able to install malware onto GoDaddy servers which affected their customers – so visitors would occasionally be redirected from the intended website to a malicious site somewhere. Any sites hosted by GoDaddy should be treated as suspect.
Personally, we’d advise setting up a clean install on a different host, carefully migrating data to ensure it’s clean, then nuking the old host from orbit.
We’re also seeing many reports of people seeing strange stuff on their site, reporting it to GoDaddy, and being told “it’s a plugin, just update your site”, instead of anyone addressing the problem.
So this may have been going on years.
If you have domains registered through GoDaddy, we recommend you immediately change your passwords.