GoDaddy Spanked For Massive Security Breach Putting 1.2M WordPress Accounts At Risk – Hot Hardware

It would seem that not even GoDaddy can keep all the children of the internet behaving as they should. The very popular internet domain registrar and web hosting giant announced yesterday that its security was compromised last week.

GoDaddy announced yesterday that it had discovered on November 17th that an unauthorized third party had gained access to its Managed WordPress hosting environment. The actual security breach began on September 6, 2021, when the unauthorized party used a vulnerability to gain access to customer information. Once it identified the breach, GoDaddy launched an investigation with the help of an IT forensics firm and contacted law enforcement.

The compromised customer information included the email addresses and customer numbers of up to 1.2 million active and inactive Managed WordPress customers. GoDaddy warns that phishing attacks could be possible via these email addresses. Also exposed was the original WordPress Admin password that was set at the time of provisioning.

If any of these passwords were still being used, GoDaddy has already taken steps to reset them. For active customers, sFTP and database usernames and passwords were accessed in the breach. The company has reset those passwords as well. Finally, for a subset of active customers, the SSL private key was exposed. GoDaddy is in the process of installing new certificates for any customer affected by this.

GoDaddy apologized in a filing with the SEC saying, “We are sincerely sorry for this incident and the concern it causes for our customers.” The apology may come as little consolation for the 1.2 million customers whose data has been placed at risk due to the security breach, especially since the attack went unnoticed for more than two months before GoDaddy was able to identify it and take action. Anyone who was using GoDaddy’s Managed WordPress product during the time of the breach should consider their data as being part of what was exposed until they are notified otherwise.

It is likely that the breach occurred due to GoDaddy storing sFTP credentials either as plaintext or in a format that could be reversed into plaintext. There are more secure ways the company could have stored this data, including using either a salted hash or a public key. It was this practice that gave the attacker access to password credentials without having to break a sweat.

One of the major concerns of this attack comes from the breach of the sFTP and database passwords. While GoDaddy did reset the passwords for both once it found the breach, the person(s) who committed the attack had around a month and a half in which they could have infected a user's website with malware or added a malicious administrative user. This would mean that the attacker could still have control of and access to certain affected websites even after GoDaddy changed the passwords.
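One way a site owner could check for the leftover administrative user described above is to audit the WordPress user tables against the exposure window. This is an added example, not code from the article or from GoDaddy; it assumes the default `wp_` table prefix, uses constructed sample rows in an in-memory SQLite copy of the two tables, and takes a hypothetical `known_admins` allowlist supplied by the owner.

```python
import sqlite3
from datetime import datetime

# Exposure window from the article: breach began 2021-09-06, discovered 2021-11-17.
WINDOW_START = datetime(2021, 9, 6)
WINDOW_END = datetime(2021, 11, 17, 23, 59, 59)

def build_sample_db():
    """Constructed sample data in the default WordPress schema (wp_ prefix assumed)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_registered TEXT);
        CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
    """)
    db.executemany("INSERT INTO wp_users VALUES (?,?,?)", [
        (1, "siteowner", "2019-03-02 10:15:00"),
        (2, "editor_amy", "2021-10-01 09:00:00"),
        (3, "wp_support", "2021-10-12 03:41:27"),
        (4, "newadmin", "2021-12-05 14:00:00"),
    ])
    # WordPress stores roles as a PHP-serialized array under wp_capabilities.
    db.executemany("INSERT INTO wp_usermeta VALUES (?,?,?)", [
        (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
        (2, "wp_capabilities", 'a:1:{s:6:"editor";b:1;}'),
        (3, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
        (4, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    ])
    return db

def audit_admins(db, known_admins):
    """Return (login, registered, reasons) for each administrator worth reviewing."""
    # user_registered can be rewritten by anyone with database access, so the
    # allowlist comparison is the stronger of the two checks.
    rows = db.execute("""
        SELECT u.user_login, u.user_registered
        FROM wp_users u JOIN wp_usermeta m ON m.user_id = u.ID
        WHERE m.meta_key = 'wp_capabilities'
          AND m.meta_value LIKE '%"administrator"%'
        ORDER BY u.ID
    """).fetchall()
    findings = []
    for login, registered in rows:
        reasons = []
        when = datetime.strptime(registered, "%Y-%m-%d %H:%M:%S")
        if WINDOW_START <= when <= WINDOW_END:
            reasons.append("registered during exposure window")
        if login not in known_admins:
            reasons.append("not on known-admin list")
        if reasons:
            findings.append((login, registered, reasons))
    return findings
```

Calling `audit_admins(build_sample_db(), {"siteowner", "newadmin"})` on the sample data reports only `wp_support`, the one administrator that is both unknown to the owner and created inside the window.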

Some of the recommended actions are that if you are operating an e-commerce site and GoDaddy informs you …….

Source: https://amp.hothardware.com/news/godaddy-massive-security-breachwordpress-accounts