Hackers gained access to login and FTP credentials, along with 1.2 million email addresses.
A security breach in GoDaddy’s Managed WordPress environment gave hackers the keys to customers’ WordPress sites.
GoDaddy (NYSE: GDDY) discovered the issue last week and determined that the hackers began exploiting the vulnerability on September 6. Using a compromised password, the hackers accessed the provisioning system in the company’s legacy code base for Managed WordPress. They were able to access WordPress login credentials and FTP credentials. Per the company, here’s what was exposed:
• Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents risk of phishing attacks.
• The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, we reset those passwords.
• For active customers, sFTP and database usernames and passwords were exposed. We reset both passwords.
• For a subset of active customers, the SSL private key was exposed. We’re in the process of issuing and installing new certificates for those customers.
I have two sites on GoDaddy’s Managed WordPress platform. (Domain Name Wire is on a different hosting provider.) On November 3, I received an email that stated:
During a routine audit of our hosting environment, we found malware on your WordPress site(s). Although the detected malware was not related to GoDaddy’s hosting platform, your security is important to us, so our team proactively removed the detected malware for you.
The email didn’t identify which site was impacted, but the package I use doesn’t include the removal of malware (that costs extra). So it’s possible that an unusually high number of sites needed malware removal, and GoDaddy did it proactively. I’m not sure that this is related to the breach, but the timing suggests it may be.