Godaddy For WordPress: According to a statement filed with the SEC on Monday, GoDaddy suffered a security breach that gave an attacker access to more than 1 million email addresses belonging to the company’s active and inactive Managed WordPress subscribers.
In early September, the attacker “used a compromised password” to obtain access to a provisioning system (meant to set up and automatically configure new sites when clients create them), according to the business. According to GoDaddy, the intrusion was discovered on November 17th, and the attacker was immediately locked out before an investigation was launched and law enforcement was contacted.
THE ATTACKER HAD ACCESS TO EMAILS AND MUCH MORE DUE TO THE COMPROMISED PASSWORD.
The hackers had access to more than just email addresses; they also had access to the provisioner’s original WordPress admin passwords, as well as the credentials for active users’ databases and sFTP systems. Some users’ private SSL keys were also exposed, according to the firm, which is responsible for proving that a website is who it claims to be (powering the little lock icon you often see in your browser’s address bar).
GoDaddy said it’s attempting to fix the problem by resetting impacted passwords and, if necessary, regenerating security certificates. “All impacted consumers will be contacted individually with detailed facts,” the company adds. While those appear to be proper actions, having to deal with a password reset will most likely be inconvenient for some individuals.
GoDaddy did not immediately respond to a request for comment on how the attacker obtained the password that the business claims was used to gain access to its systems. However, the notification does state that the probe is still underway.
Phishing or social engineering has been blamed for recent attacks at other firms (though there have also been instances of simply poor password security). When it comes to bogus emails, GoDaddy has a bad history of testing its employees’ cybersecurity awareness, but attackers only need to get lucky once to gain access to massive amounts of data.