Attacked over a million WordPress websites

top cybersecurity companies

1.2 million WordPress website owners, hosted by GoDaddy, have been victims of data leaks. GoDaddy admitted that after an internal investigation.

GoDaddy is the world’s leading web hosting company with ten million more websites than the competition. The company has now had to admit that the data of 1.2 million of its WordPress customers has been disclosed.

In a report to the Securities and Exchange Commission (SEC), GoDaddy’s Chief Information Security Officer (CISO), Demetrius Comes, stated that the company had discovered unauthorized access to its managed WordPress servers. To be precise, as of September 6, 2021, hackers have opened information about 1.2 million active and inactive managed WordPress customers.

According to WordPress, this managed service is a streamlined, optimized hosting for creating and managing WordPress sites. GoDaddy takes care of basic administrative hosting tasks like installing WordPress, automatic daily backups, WordPress core updates, and server-level caching. The tariffs for WordPress hosting start at GoDaddy at 4.99 euros per month.

Both the e-mail addresses and the customer numbers of the customers were disclosed. GoDaddy warns users that this disclosure creates an increased risk of phishing attacks. The web host also announced that the original WordPress administrator password that was created when WordPress was first installed has also been disclosed. So if you never changed that password, hackers would have had access to your website for months.

In addition, the user names and passwords for sFTP and databases were disclosed to active customers. GoDaddy reset both of these passwords. Finally, the private SSL (Secure Socket Layer) key was disclosed to some active customers. GoDaddy is currently issuing and installing new certificates for these customers.

WordFence, a WordPress security company, wrote in its report, “It appears that GoDaddy stored sFTP credentials either in clear text or in a format that can be converted to clear text. This was done instead of using a salted hash or a public key, both of which are considered best practices for sFTP. This enabled an attacker to have direct access to password data without having to crack it. “

WordFence added in another report on November 23: “We have received confirmation from GoDaddy that several brands that resell GoDaddy Managed WordPress are affected.

According to Dan Rice, VP of Corporate Communications at GoDaddy, “The GoDaddy brands that are reselling GoDaddy Managed WordPress are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost. A small number of active and inactive Managed WordPress users at these brands were affected by the security incident. Other brands are not affected. These brands have already contacted their respective customers with specific details and recommended actions. “

tsoHost, 123Reg, Domain Factory, Heart Internet and Host Europe were acquired by GoDaddy in 2017 as part of the Host Europe Group, while Media Temple was acquired by GoDaddy in 2013.

GoDaddy announced that the investigation is still ongoing. The company will contact all affected customers directly to provide them with further details. Customers can also contact GoDaddy through its Help Center. This page contains phone numbers for users in the affected countries.

Leave a Reply

Your email address will not be published. Required fields are marked *