Email addresses and passwords of 1.2 million WordPress users leaked from GoDaddy



It has been discovered that 'Managed WordPress', one of the services of 'GoDaddy', a provider of domain registration and rental server services, was attacked and that information on up to 1.2 million Managed WordPress users was leaked. The damage is also reported to be spreading to domain registrars and web hosting companies that offer Managed WordPress within their own services.

GoDaddy Announces Security Incident Affecting Managed WordPress Service
https://www.sec.gov/Archives/edgar/data/1609711/000160971121000122/gddyblogpostnov222021.htm

GoDaddy Data Breach Impacts 1.2 Million Customers
https://www.channelfutures.com/security/godaddy-data-breach-impacts-1-2-million-customers

GoDaddy Breached - Plaintext Passwords - 1.2M Affected
https://www.wordfence.com/blog/2021/11/godaddy-breach-plaintext-passwords/

GoDaddy Breach Widens to tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe
https://www.wordfence.com/blog/2021/11/godaddy-tsohost-mediatemple-123reg-domain-factory-heart-internet-host-europe/

GoDaddy reported to the US Securities and Exchange Commission (SEC) that unauthorized third-party access to the company's 'Managed WordPress' hosting environment was confirmed on November 17, 2021. An immediate investigation revealed that, since September 16, 2021, an unauthorized third party had used the vulnerability to access the following customer information:

- Email addresses and customer numbers of up to 1.2 million active and inactive users of Managed WordPress. Leaked email addresses carry a risk of phishing attacks.
- The original WordPress admin password set during provisioning. For this reason, GoDaddy has reset the passwords for accounts for which these credentials are available.
- SFTP and database user names and passwords of active customers. GoDaddy has reset both.
- The SSL private key of some active users. A new certificate is being issued and installed for the affected customers.

'We blocked unauthorized third parties from the system immediately after identifying the incident,' said Demetrius Comes, GoDaddy's Chief Information Security Officer. We are also strengthening our provisioning system as an additional safeguard, Comes said.



On November 23, it was revealed that several services that offer Managed WordPress as part of their products, such as tsoHost, Media Temple, 123 Reg, DomainFactory, Heart Internet, and Host Europe, were also affected by the information leak.

According to security researcher Nick Tausek, GoDaddy has experienced similar information leaks three times in the last three years. GoDaddy has 35,000 servers hosting more than 5 million websites and is prone to being targeted, given the many cyberattacks it has experienced in the past, Tausek said. Millions of people who rely on GoDaddy to do business are seriously affected by such attacks. To ensure that customer data is secure, GoDaddy needs to implement appropriate control systems to thwart cyberattack threats, Tausek said. GoDaddy has been resetting passwords and private keys following the attack, but that is not enough, said Robert Prigge, CEO of mobile payments and identity verification company Jumio.

in Security, Posted by darkhorse_log