Security News
Web hosting giant GoDaddy on Monday disclosed a data breach that resulted in the unauthorized access of data belonging to a total of 1.2 million active and inactive customers, making it the third security incident to come to light since 2018. In a filing with the U.S. Securities and Exchange Commission, the world's largest domain registrar said that a malicious third-party managed to gain access to its Managed WordPress hosting environment on September 6 with the help of a compromised password, using it to obtain sensitive information pertaining to its customers.
Customers of several brands that resell GoDaddy Managed WordPress have also been caught up in the big breach, in which millions of emails, passwords and more were stolen. The GoDaddy breach affecting 1.2 million customers has widened - it turns out that various subsidiaries that resell GoDaddy Managed WordPress were also affected.
GoDaddy says the recently disclosed data breach affecting roughly 1.2 million customers has also hit multiple Managed WordPress services resellers. GoDaddy acquired these brands after buying web hosting and cloud services companies Host Europe Group in 2017 and Media Temple in 2013.
GoDaddy stated that default WordPress admin passwords, created when each account was opened, were accessed, too, though we're hoping that few, if any, active users of the system had left this password unchanged after setting up their WordPress presence. We're assuming, if the passwords had been salted-hashed-and-stretched, as you might expect, that GoDaddy would have reported the breach by saying so, given that properly-hashed passwords, once stolen, still need to be cracked by the attackers, and with well-chosen passwords and a decent hashing process, that process can take weeks, months or years.
GoDaddy, the popular internet domain registrar and web hosting company, has suffered a data breach that affected over a million of their Managed WordPress customers. For active customers: sFTP and database usernames and passwords.
Web-hosting giant GoDaddy has confirmed another data breach, this time affecting at least 1.2 million of its customers. On Monday, the world's largest domain registrar said in a public filing to the SEC that an "Unauthorized third party" managed to infiltrate its systems on Sept. 6 - and that the person(s) had continued access for almost two and a half months before GoDaddy noticed the breach on Nov. 17.
GoDaddy has admitted to America's financial watchdog that one or more miscreants broke into its systems and potentially accessed a huge amount of customer data, from email addresses to SSL private keys. GoDaddy's chief information security officer Demetrius Comes said his company "Immediately began an investigation with the help of an IT forensics firm and contacted law enforcement."
GoDaddy has been on the receiving end of a security breach that has affected the accounts of more than 1 million of its WordPress customers. After contacting law enforcement officials and investigating the incident with an IT forensics firm, GoDaddy found that the third party used a compromised password to access the provisioning system in its legacy code base for Managed WordPress.
In a data breach notification published today, GoDaddy said that the data of up to 1.2 million of its customers was exposed after hackers gained access to the company's Managed WordPress hosting environment."Our investigation is ongoing and we are contacting all impacted customers directly with specific details. Customers can also contact us via our help center which includes phone numbers based on country."
Cybercriminals were able to change the DNS settings of some cryptocurrency websites after tricking GoDaddy employees into providing them with access to customer accounts. On November 18, both services announced that threat actors were able to breach their internal systems after GoDaddy incorrectly handed over control of their accounts.