The breach also exposed users' sFTP credentials (used for file sharing) and the username and passwords of their WordPress databases. Some security certificates (https) were also compromised, which if abused, can allow an attacker to impersonate a customer’s website or services, said GoDaddy.