In a data breach notification issued yesterday, web hosting company GoDaddy revealed it had suffered a massive data breach that exposed approximately 1.2 million customers.
What Happened?
According to the notification, GoDaddy noticed the incident on November 17th after cybercriminals managed to obtain access to the web hosting giant’s Managed WordPress hosting environment.
According to BleepingComputer, threat actors have had access to the company’s systems and the data on the compromised networks since at least September 6, 2021.
We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement.
Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress.
What Is GoDaddy?
As per Wikipedia, GoDaddy Inc. is an American publicly traded Internet domain registrar and web hosting company that provides services to more than 20 million customers all over the globe.
What Happens Next?
The investigation is underway, according to GoDaddy, which is contacting all affected customers individually with detailed information. Clients can also use the company’s help center to get in touch with them.
As per the notification, the unauthorized third party used the compromised password to gain access to the following information belonging to GoDaddy customers:
- Up to 1.2 million active and inactive Managed WordPress customers had their email addresses and customer numbers exposed. The exposure of email addresses presents risk of phishing attacks.
- The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, the company will reset those passwords.
- For active customers, sFTP and database usernames and passwords were exposed. GoDaddy will reset both passwords.
- For a subset of active customers, the SSL private key was exposed. The company is in the process of issuing and installing new certificates for those customers.
Not Its First Rodeo
Last year, in May, the web hosting firm informed some of its clients that in October, an unauthorized party utilized their web hosting account login details to connect to their hosting account using SSH.
GoDaddy’s security team discovered the attack after noticing a changed SSH file in GoDaddy’s hosting environment and suspicious behavior on a subset of GoDaddy’s servers.
According to BleepingComputer, two years ago, scammers created 15,000 subdomains using hundreds of hijacked GoDaddy accounts, seeking to pose as popular websites and sending possible targets to spam pages promoting snake oil products.
How Can Heimdal™ Help You?
Data breaches are very common nowadays and system vulnerabilities usually facilitate hackers’ infiltration. That is why a system should be always updated and have the latest patches applied. But what do you do if you cannot keep always track of what patches need to be applied? You use an automated Patch Management Solution.
Heimdal™ has this solution and it’s very efficient because it really saves you time. You will always have control over your software inventory, enabling patch management from anywhere in the world. What’s even cooler is the vendor to end-user waiting time, this means that in less than 4 hours the released patches, tested and repackaged, are available in your Heimdal cloud for deployment. Find more on our website!
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.