GoDaddy data breach hits resellers of WordPress hosting services

GoDaddy claims that the recently disclosed data breach affecting approximately 1.2 million customers also affected several resellers of managed WordPress services.

According to Dan Rice, vice president of corporate communications at GoDaddy, the six resellers also affected by this massive breach are tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe.

GoDaddy acquired these brands after purchasing web hosting and cloud services companies Host Europe Group in 2017 and Media Temple in 2013.

“A small number of active and inactive managed WordPress users of these brands were affected by the security incident,” Rice told the WordPress security company Wordfence.

“No other brand is impacted. These brands have already contacted their respective customers with specific details and recommended actions.”

Hacked using a compromised password

The data breach was discovered by GoDaddy last Wednesday, November 17, but, as separately disclosed in a filing with the U.S. Securities and Exchange Commission on Monday, customer data had been exposed since at least September 6, 2021, after unknown actors gained access to the company’s managed WordPress hosting environment.

“Our investigation is ongoing, but we have determined that on or around September 6, 2021, an unauthorized third party gained access to certain authentication information for administrative services, in particular your customer number and e-mail address associated with your account; your WordPress administrator login set at the start; and your sFTP and database usernames and passwords,” GoDaddy told customers in data breach notification letters sent this week.

“What this means is that the unauthorized party might have been given the ability to access and make changes to your managed WordPress service, including modifying your website and the content stored there.”

The attackers gained access to the following customer information from GoDaddy after breaching the company’s provisioning system for Managed WordPress:

  • Up to 1.2 million active and inactive managed WordPress customers had their email address and customer number exposed. Exposing email addresses poses a risk of phishing attacks.
  • The original WordPress administrator password that was set during provisioning has been exposed. If those credentials were still in use, we reset those passwords.
  • For active clients, sFTP and database user names and passwords have been exposed. We reset both passwords.
  • For a subset of active clients, the SSL private key has been exposed. We are in the process of issuing and installing new certificates for these customers.

GoDaddy has not yet released a public statement regarding this data breach on its website.

Not the first rodeo

This isn’t the first data breach or cybersecurity incident the web hosting giant has revealed in recent years.

Another breach came to light last year, in May, when GoDaddy alerted customers that hackers were using their web hosting account credentials to log into their hosting account through SSH.

GoDaddy’s security team discovered the breach after finding a corrupted SSH file in the company’s hosting environment and noticing suspicious activity on a subset of GoDaddy’s servers.

In 2019, GoDaddy injected JavaScript into US customers’ sites without their knowledge, potentially rendering them inoperative or impacting overall website performance.

GoDaddy is one of the world’s largest web hosting companies and domain registrars, providing services to over 20 million customers worldwide.
