GoDaddy security breach impacts more than 1 million WordPress users

3 years ago 273

The hosting institution has revealed a information incidental that exposed the email addresses and lawsuit numbers of 1.2 cardinal Managed WordPress customers.

GoDaddy motion   extracurricular  headquarters

Image: BCFC/Shutterstock

GoDaddy has been connected the receiving extremity of a information breach that has affected the accounts of much than 1 cardinal of its WordPress customers. In a Monday filing with the Securities and Exchange Commission, Chief Information Security Officer Demetrius Comes said that connected Nov. 17, 2021, the hosting institution discovered unauthorizing entree by a 3rd enactment to its Managed WordPress hosting environment. After contacting instrumentality enforcement officials and investigating the incidental with an IT forensics firm, GoDaddy recovered that the 3rd enactment utilized a compromised password to entree the provisioning strategy successful its bequest codification basal for Managed WordPress.

SEE: Security Awareness and Training policy (TechRepublic Premium)

The breach led to a fig of issues that person deed customers and forced the institution to react. First, the email addresses and lawsuit numbers were exposed for 1.2 cardinal progressive and inactive Managed WordPress customers. Second, the archetypal WordPress Admin passwords acceptable astatine the clip of provisioning were exposed, requiring GoDaddy to reset them.

Third, the sFTP (Secure File Transfer Protocol) and database usernames and passwords were compromised, forcing GoDaddy to reset those arsenic well. Fourth, the SSL backstage cardinal was exposed for a definite fig of progressive customers. The institution said that it's presently mounting up caller SSL certificates for those customers.

After learning astir the breach, Comes said that GoDaddy blocked the 3rd enactment from its system. However, the attacker had already been utilizing the compromised password since Sept. 6, giving them much than 2 months to bash harm earlier they were discovered.

"GoDaddy is simply a $3.3B institution who you tin presume has a ample concern successful cybersecurity, yet they inactive had an adversary successful their situation for 72 days," said Ian McShane, tract CTO for Arctic Wolf. "While it's often said that the mean clip to detection numbers are inflated (208 successful the latest Ponemon [study]) and bash not bespeak the world of a non-nation authorities attacker, this idiosyncratic managed to debar being caught for 2 months."

GoDaddy offers Managed WordPress hosting for customers who privation to make and negociate their ain WordPress blogs and websites. The "managed" portion of the equation means that GoDaddy handles each the basal administrative chores, specified arsenic installing and updating WordPress and backing up hosted sites. The provisioning strategy for WordPress bequest codification points to codification that indispensable beryllium maintained for the merchandise to beryllium backward compatible.

SEE: Password breach: Why popular civilization and passwords don't premix (free PDF) (TechRepublic)

The probe is ongoing, according to Comes, who said that the institution is alerting each affected customers with much details. Apologizing for the breach, Comes promised that GoDaddy would larn from the incident, starting with the institution present improving its provisioning strategy with much layers of protection.

"Any breach is unfortunate, particularly wherever implicit a cardinal lawsuit records person been perchance compromised," said Javvad Malik, information consciousness advocator for KnowBe4. "Many individuals and tiny businesses trust connected WordPress and GoDaddy to person a web presence, and this benignant of breach tin person a large impact."

While expressing concerns that the attacker was successful GoDaddy's server for much than 2 months, Malik praised the institution for its response.

"The institution has reset exposed sFTP, database and admin idiosyncratic passwords and is installing caller SSL certificates," Malik said. "In addition, the institution contacted instrumentality enforcement, a forensics team, and notified customers. All of this is an perfect playbook from which different organizations could larn to amended recognize however to respond to a breach."

However, the ramifications from this breach are inactive to beryllium determined. With truthful galore accounts compromised, cybercriminals volition astir surely unreserved to exploit the stolen credentials and different information for caller attacks.

"The fig of affected accounts—1.2 million—is truthful large that it feels similar this would person been a lucrative ransomware opportunity, truthful determination mightiness beryllium much to travel from this story, peculiarly arsenic we've seen much and much breaches devolve into ransomware and extortion sagas," McShane said.

Cybersecurity Insider Newsletter

Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and Thursdays

Sign up today

Also see

Read Entire Article