Are you a GoDaddy customer? Do you maintain a WordPress blog with them? If so be advised that the company recently announced a breach of their network. An “as-yet-unidentified” third party accessed GoDaddy’s Managed WordPress hosting environment.
Based on the investigation to date the intrusion began on September 6, 2021. While taking advantage of a vulnerability the company was unaware of at the time the unknown attacker was able to gain access to a variety of information.
According to GD The information taken includes:
- The email addresses and customer numbers of more than 1 million Managed WordPress customers (both active and inactive)
- The original WordPress Administrative password that was set at the time of provisioning
- For active customers, the SFTP and database usernames and passwords
- And for some customers (exact number unknown at this time), the SSL private key
The company has retained the services of an independent third-party security firm to assist them with their investigation. That investigation is ongoing but the company has already reset the SFTP and database passwords for all impacted users. They are in the process of issuing and installing new certificates for customers who had their SSL private keys exposed.
The company is in the process of contacting all impacted users. If your email address was exposed, you will definitely want to keep a sharp eye out for phishing attacks targeting your email address. As is the case any time an event like this occurs the company apologized and stressed that they take customer data security very seriously. No additional information is available at this time but bear in mind that the investigation is still ongoing.
It’s unfortunate but not altogether unsurprising. A company as large as GoDaddy with millions of customers is an attractive target for almost any hacker. Stay vigilant out there. This won’t be the last major breach we see this year. Used with permission from Article Aggregator
This content was originally published here.
If you are still hosting your sites with Godaddy, here’s what you need to do:
- Change your password right away
- Add 2 Factor Authentication to your GD Account
- Add 2 Factor Authentication to your website’s login
- Check all the users on your website and see if there is anyone you do not recognize or anyone else but you who has admin access
- Check your website for malware using this free tool from Sucuri https://sitecheck.sucuri.net/
If you feel that your website has any issue (slow, unusual behaviour of any kind, redirecting to other sites etc.)
That would be a sign of malware or a hack, we’ll be happy to help you contact us here.