GoDaddy Security Breach Affects 1 Million WordPress Users

Share post:

GoDaddy recently announced that it is in the midst of a major security breach that has affected the accounts of more than one million of its WordPress clients.

During the filing last Monday with the Securities and Exchange Commission, GoDaddy Chief Information Security Officer Demetrius Comes said that on November 17, 2021, the hosting company was able to detect unauthorized third-party access to its managed WordPress hosting environment.

After consulting law enforcement officers and further investigation at an IT forensics firm, GoDaddy discovered that the third party used a compromised password to gain access to the provisioning system in its legacy code base for Managed WordPress.

GoDaddy provides Managed WordPress hosting for users who want to create and manage their own WordPress blogs and websites. Simply, the “managed” part means that GoDaddy will be the one to do all the basic administrative tasks, including installing and updating WordPress and backing up hosted websites.

The breach has already led to a number of problems. First, the email addresses and customer numbers of around 1.2 million active and inactive Managed WordPress users were disclosed. Second, the original WordPress Admin passwords set at the time of deployment were also uncovered and already reset by GoDaddy.

Third, the Secure File Transfer Protocol (sFTP) and database usernames and passwords have been compromised and reset by the company. Fourth, the SSL private key has been exposed to a number of active customers, which means that the company must issue new SSL certificates for these customers.

Comes explained that GoDaddy had already blocked the third party out of its system. However, the company also found that the perpetrators had been using the compromised password since September 6, giving them more than two months to wreak havoc on the system before they were discovered.

The investigation is still ongoing. On behalf of the company, Comes has apologized for the breach and committed to improving GoDaddy’s provisioning system with more layers of protection.

However, the extent of the damage caused by this breach has yet to be assessed. Since so many accounts have been exposed, there is a very high probability that the attackers would hurry to exploit the stolen login credentials and other data to launch even more attacks

For more information, read the original story in TechRepublic.

Featured Tech Jobs


Related articles

Cyber Security Today, April 24, 2024 – Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more

This episode reports on the danger of using expired open-source packages, a tool used by a Russian hacking group and passw

Google Play introduces new biometric verification with a user warning

Google has recently announced updates to the biometric verification process for Google Play purchases, aiming to bolster security...

Cyber Security Today, Week in Review for week ending Friday April 19, 2024

On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT d

Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways