Over a million breached WordPress sites

WordPress is more than just a blogging platform: it powers over 42% of all websites, so any WordPress security hole is a big deal. Now GoDaddy, the world’s largest web hosting company with tens of millions more sites than its competitors, has announced that the data of 1.2 million of its WordPress customers has been compromised. Demetrius Comes, GoDaddy’s Chief Information Security Officer (CISO), disclosed in a Securities and Exchange Commission (SEC) filing that the company had discovered unauthorized access to its managed WordPress servers. As of September 6, 2021, the intrusion had exposed information about 1.2 million active and inactive managed WordPress customers.
WordPress describes this managed service as “streamlined and optimized hosting for creating and managing WordPress sites”. GoDaddy handles the basic hosting administration, including WordPress installation, automated daily backups, major WordPress updates, and server-level caching. The monthly cost for these plans starts at $6.99. Customer email addresses and phone numbers were both exposed, so GoDaddy warns users that this exposure may increase their vulnerability to phishing attacks. The initial WordPress administrator password, set when WordPress was first installed, was also leaked, according to the host. If you hadn’t changed that password, attackers could have had access to your website for months.
The sFTP and database user names and passwords of active clients were also exposed. Both of these passwords have been reset by GoDaddy. Finally, the Secure Sockets Layer (SSL) private key of some active clients was revealed. For these customers, GoDaddy is now reissuing and installing new certificates. According to WordFence, a WordPress security company, in its analysis, “GoDaddy appears to have kept sFTP passwords in plain text or in a format that could be inverted to plain text, instead of using a salted hash or a public key, both of which are considered industry best practices for sFTP. An attacker can now directly access password identifiers without having to crack them.”
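The Wordfence point above is about how credentials are stored at rest. The following is an added illustration, not code from GoDaddy, Wordfence or WordPress, that contrasts a reversible (plaintext) credential record with a salted, iterated hash, and shows why a leaked copy of the latter does not hand an attacker the credential directly. The user names, passwords and the PBKDF2 iteration count are constructed assumptions for the example; verification uses a constant-time comparison.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed example; not GoDaddy's, Wordfence's or WordPress's own code.
# Assumption: PBKDF2-HMAC-SHA256 with an iteration count in the range
# currently recommended for that algorithm.
PBKDF2_ITERATIONS = 600_000


def store_plaintext(username: str, password: str) -> dict:
    """Reversible storage: whoever reads the record holds the credential.

    This is the pattern the Wordfence analysis describes (plain text, or a
    format that can be inverted to plain text).
    """
    return {"user": username, "secret": password}


def store_salted_hash(username: str, password: str,
                      salt: Optional[bytes] = None) -> dict:
    """Salted, iterated hash: the record cannot be turned back into the password.

    A fresh random salt per record means two users with the same password
    get different hashes, so a leaked table cannot be attacked with one
    precomputed lookup.
    """
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return {
        "user": username,
        "salt": salt.hex(),
        "hash": digest.hex(),
        "iterations": PBKDF2_ITERATIONS,
    }


def verify_salted_hash(record: dict, candidate: str) -> bool:
    """Recompute the hash for a login attempt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                 salt, record["iterations"])
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def record_exposes_credential(record: dict, password: str) -> bool:
    """Audit helper: does a leaked copy of this record contain the password itself?"""
    return any(value == password for value in record.values())


if __name__ == "__main__":
    # Constructed sample credentials for demonstration only.
    plain = store_plaintext("site-a", "correct horse battery staple")
    hashed = store_salted_hash("site-a", "correct horse battery staple")
    print("plaintext record leaks credential:", record_exposes_credential(plain, "correct horse battery staple"))
    print("hashed record leaks credential:   ", record_exposes_credential(hashed, "correct horse battery staple"))
    print("login with right password:        ", verify_salted_hash(hashed, "correct horse battery staple"))
    print("login with wrong password:        ", verify_salted_hash(hashed, "wrong"))
```

Note that hashing only protects the stored secret; it does not help once an attacker has the plaintext from another source, which is why GoDaddy still had to reset the exposed sFTP and database passwords. For sFTP specifically, public-key authentication avoids storing a password-derived secret on the server at all.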
The investigation is still ongoing, according to GoDaddy. The company is contacting all affected customers individually with specific information. Customers can also reach the company through the GoDaddy Support Center, and users in affected countries can call the telephone numbers listed there.