WordPress

Compromised password leads to hack of GoDaddy’s managed WordPress service – Canada.com

Summary


Breadcrumb Trail Links

Innovation

Author of the article:

Publishing date:

Nov 23, 2021  •  10 minutes ago  •  4 minute read  •  Join the conversation  

Article content

Administrators of WordPress sites using GoDaddy’s WordPress managed hosted service are being warned to change their passwords and watch for phishing attacks after the provider admitted it was hacked last week.

…….

npressfetimg-7568.png

Author of the article:

Publishing date:

Nov 23, 2021  •  10 minutes ago  •  4 minute read  •  Join the conversation  

Article content

Administrators of WordPress sites using GoDaddy’s WordPress managed hosted service are being warned to change their passwords and watch for phishing attacks after the provider admitted it was hacked last week.

Advertisement

This advertisement has not loaded yet, but your article continues below.

Article content

The way the attacker got in: A compromised password.

In a posting today with the U.S. Securities and Exchange Commission (SEC), GoDaddy chief information security officer Demetrius Comes said an attacker exploited a vulnerability between September 6 and November 17th to gain access to the following customer information:

–the original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, GoDaddy reset those passwords;

–up to 1.2 million active and inactive managed WordPress customers had their email addresses and customer number exposed. The exposure of email addresses presents risk of phishing attacks, the provider said;

–for active customers, sFTP and database usernames and passwords were exposed. GoDaddy reset both passwords;

–for a subset of active customers, the SSL private key was exposed. GoDaddy is in the process of issuing and installing new certificates for those customers.

“Our investigation is ongoing and we are contacting all impacted customers directly with specific details,” said the GoDaddy statement. “Customers can also contact us via our help center, which includes phone numbers based on country

“We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”

Advertisement

This advertisement has not loaded yet, but your article continues below.

Article content

It appears that GoDaddy was storing sFTP credentials either as plaintext, or in a format that could be reversed into plaintext, commented WordFence , which sells WordPress security solutions. “They did this rather than using a salted hash, or a public key, both of which are considered industry best practices …….

Source: https://o.canada.com/technology/compromised-password-leads-to-hack-of-godaddys-managed-wordpress-service