[TheRecord] GoDaddy data breach impacts 1.2 million WordPress site owners

Internet infrastructure company GoDaddy said on Monday that a hacker gained access to the personal information of more than 1.2 million customers of its WordPress hosting service.

In documents filed with the US Securities and Exchange Commission earlier today, GoDaddy said it discovered the breach last week, on November 17, after noticing “suspicious activity” on its Managed WordPress hosting environment.

The subsequent investigation found that a hacker had access to its servers for more than two months, since at least September 6.

Based on current evidence, GoDaddy said the hacker gained access to the following information:

Up to 1.2 million active and inactive Managed WordPress customers had their email addresses and customer numbers exposed.The original WordPress Admin password that GoDaddy issued to customers when a site was created.For active customers, sFTP and database usernames and passwords were exposed.For a subset of active customers, the SSL private key was exposed.

GoDaddy said it already reset sFTP and database passwords exposed in the hack. It also reset the admin account password for customers who were still using the default one that GoDaddy issued when their sites were created.

The company said it’s still in the process of issuing and installing new SSL certificates for affected customers, a process that is a little bit more complicated than resetting passwords.

GoDaddy said it notified law enforcement and is working with an IT forensics firm to investigate the incident further. Customer notifications have also been sent out today, The Record has learned from two site owners.

“We are sincerely sorry for this incident and the concern it causes for our customers,” said Demetrius Comes, Chief Information Security Officer at GoDaddy.

This is the company’s second breach in the past two years, after a hacker accessed SSH accounts for some customers in early 2020, according to a letter [PDF] filed with state officials in May 2020.

The post GoDaddy data breach impacts 1.2 million WordPress site owners appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[HackerNews] A New Critical SolarWinds Zero-Day Vulnerability Under Active Attack

All posts, HackerNews

SolarWinds, the Texas-based company that became the epicenter of a massive supply chain attack late last year, has issued patches to contain a remote code execution flaw in its Serv-U managed file transfer service. The fixes, which target Serv-U Managed File Transfer and Serv-U Secure FTP products, arrive after Microsoft notified the IT management and remote monitoring […]

Read More

[SecurityWeek] What’s in a Threat Group Name? An Inside Look at the Intricacies of Nation-State Attribution

All posts, Security Week

Understanding the naming conventions of various threat groups can help us better understand the overall threat landscape read more Source: Read More (SecurityWeek RSS Feed)

Read More

Daily NCSC-FI news followup 2020-12-03

Widespread android applications still exposed to vulnerability on google play core library blog.checkpoint.com/2020/12/03/widespread-android-applications-still-exposed-to-vulnerability-on-google-play-core-library/ A new vulnerability for the Google Play Core Library was published late August, given the CVE-2020-8913, which allows Local-Code-Execution (LCE) within the scope of any application that has the vulnerable version of the Google Play Core Library. Code execution is an attackers […]

Read More