Security News
GoDaddy stated that default WordPress admin passwords, created when each account was opened, were accessed, too, though we're hoping that few, if any, active users of the system had left this password unchanged after setting up their WordPress presence. We're assuming, if the passwords had been salted-hashed-and-stretched, as you might expect, that GoDaddy would have reported the breach by saying so, given that properly-hashed passwords, once stolen, still need to be cracked by the attackers, and with well-chosen passwords and a decent hashing process, that process can take weeks, months or years.
GoDaddy, the popular internet domain registrar and web hosting company, has suffered a data breach that affected over a million of their Managed WordPress customers. For active customers: sFTP and database usernames and passwords.
Web-hosting giant GoDaddy has confirmed another data breach, this time affecting at least 1.2 million of its customers. On Monday, the world's largest domain registrar said in a public filing to the SEC that an "unauthorized third party" managed to infiltrate its systems on Sept. 6 - and that the person(s) had continued access for almost two and a half months before GoDaddy noticed the breach on Nov. 17.
GoDaddy has admitted to America's financial watchdog that one or more miscreants broke into its systems and potentially accessed a huge amount of customer data, from email addresses to SSL private keys. GoDaddy's chief information security officer Demetrius Comes said his company "immediately began an investigation with the help of an IT forensics firm and contacted law enforcement."
GoDaddy has been on the receiving end of a security breach that has affected the accounts of more than 1 million of its WordPress customers. After contacting law enforcement officials and investigating the incident with an IT forensics firm, GoDaddy found that the third party used a compromised password to access the provisioning system in its legacy code base for Managed WordPress.
In a data breach notification published today, GoDaddy said that the data of up to 1.2 million of its customers was exposed after hackers gained access to the company's Managed WordPress hosting environment. "Our investigation is ongoing and we are contacting all impacted customers directly with specific details. Customers can also contact us via our help center which includes phone numbers based on country."
Cybercriminals were able to change the DNS settings of some cryptocurrency websites after tricking GoDaddy employees into providing them with access to customer accounts. On November 18, both services announced that threat actors were able to breach their internal systems after GoDaddy incorrectly handed over control of their accounts.
Using social engineering tricks, the hackers were able to change the DNS settings of their victims' domain names, redirecting connections and mail to their own servers. GoDaddy, the world's biggest domain-name registrar, confirmed "a small number of customer domains and/or account information" were altered after "a limited number of GoDaddy employees" were duped.
A recent social-engineering "vishing" attack on domain registrar GoDaddy temporarily handed over control of cryptocurrency service sites NiceHash and Liquid to fraudsters, exposing personal information of users. "A routine audit of account activity identified potential unauthorized changes to a small number of customer domains and/or account information," the statement read. "Our security team investigated and confirmed threat actor activity, including social engineering of a limited number of GoDaddy employees."
The attacks were facilitated by scams targeting employees at GoDaddy, the world's largest domain name registrar, KrebsOnSecurity has learned. The incident is the latest incursion at GoDaddy that relied on tricking employees into transferring ownership and/or control over targeted domains to fraudsters.