GoDaddy Breach Led to 1.2M WP Customers Affected – Here’s What to Do!

The web hosting giant GoDaddy released a notification last week stating that the company has suffered a major data breach that had resulted in compromising the customer numbers and email addresses of more than 1.2 million managed WordPress customers.

The Chief Information Security Officer of GoDaddy has disclosed that the company discovered unauthorized third-party access to its Managed WordPress Hosting System on 17th Nov, 2021. The company took immediate action against the incident with the help of their IT forensic team and found out that the hackers used a compromised password to get into the system. 

The whole scenario started back on 6th September when 1.2 million or more managed WordPress customers’ numbers and email addresses were compromised.  

However, the web hosting giant has been successful in blocking unauthorized third parties from its system. They also informed law enforcement and other relevant authorities about the breach. Furthermore, the company authorities have also reached to the impacted customers to let them know about the whole breaching thing.

In a statement released by the GoDaddy officials, they apologized for the inconvenience caused to their customers. They added “We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”

To What Extent the Attackers Can Go With the Information They Received from GoDaddy Breach?

Although GoDaddy has been successful in gaining access back by resetting the SFTP and Database passwords of all the impacted sites, the attacker had nearly a month and a half of access utilizing which they could have uploaded malware or malicious administrative users to the sites. Doing this would allow them to retain the control on the impacted sites even if the passwords were changed.

Moreover, the hackers also had access to highly confidential information including Website Customer PII that is usually stored on the databases. An access to this sensitive data can help attackers simply gain control of the sites, whenever they want to.

What Safety Measures to Take If You Have a GoDaddy Managed WordPress site?

GoDaddy is reaching out to all of its impacted customers. If you haven’t received any information from the officials yet, you might expect it pretty soon. Until then, we recommend you perform the following actions –

• Step 1 – If you’re running an e-commerce site, or store PII and you have been breached too, please reach out to your customers letting them know about the data breach.
• Step 2 – Change all of your WordPress passwords asap and also force a password reset for your WordPress users or customers. Also, change all reused passwords and ask your customers to do the same.
• Step 3 – Enable 2-factor authentication immediately. To imply this, you may also use the Wordfence plugin as a free feature for WordPress sites.
• Step 4 – Scan the entire site using a security scanner to detect if any malware is there.
• Step 5 – Also verify if your website’s file system including wp-content/plugins and wp-content/mu-plugins are working well. Use only legitimate plugins to ensure the prevention of unauthorized access.

Conclusion

This data breach is likely to have major consequences and this is not only going to end up affecting GoDaddy’s WordPress websites’ owners but also their customers. However, we expect a quick recovery from the disaster. In the meantime, the affected customers can look through the steps provided above and perform relevant security hacks to safeguard their website and information.

Credit – https://www.wordfence.com/blog/2021/11/godaddy-breach-plaintext-passwords/