Security News > 2021 > November > GoDaddy breach: SSL keys, sFTP, database passwords of WordPress customers exposed

GoDaddy breach: SSL keys, sFTP, database passwords of WordPress customers exposed
2021-11-23 10:10

GoDaddy, the popular internet domain registrar and web hosting company, has suffered a data breach that affected over a million of their Managed WordPress customers.

For active customers: sFTP and database usernames and passwords.

The investigation is still ongoing, but in the meantime, GoDaddy has reset the original WordPress Admin passwords still in use, the sFTP and database passwords for active customers, and are in the process of issuing and installing new SSL certificates for those active customers whose SSL private key was exposed.

"Additionally, with database access, the attacker would have had access to sensitive information, including website customer PII stored on the databases of the impacted sites, and may have been able to extract the contents of all impacted databases in full. This includes information such as the password hashes stored in the WordPress user accounts databases of affected sites, and customer information from e-Commerce sites," Maunder continued.

"While GoDaddy is working to update all the new SSL certificates, it will take time to accomplish this. As such, to mitigate current vulnerabilities, customers of GoDaddy need to check that the certificates are updated and change the passwords for sFTP access to new and unique numbers, letters and symbols. I'd also recommend incorporating a cryptographic agility capability, which will enable a quick rollover of certifications and keys," he advises.

"Last, the long-term resolution to ensuring an organization's most valuable asset - its digital presence - is protected is to begin using short-lived certificates and incorporating full automation to manage its lifecycle. This way, if the keys are compromised, they are not used by attackers and the window of opportunity for such sophisticated attacks are reduced. Customers of GoDaddy should monitor for unusual activity and report any red flags to the government/FTC as soon as possible."


News URL

https://www.helpnetsecurity.com/2021/11/23/godaddy-wordpress-breach/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 49 36 409 104 29 578