GoDaddy data breach hits WordPress hosting services resellers

GoDaddy data breach hits WordPress hosting services resellers

GoDaddy says the recently revealed data breach affecting around 1.2 million customers has also affected several resellers of managed WordPress services.

According to Dan Rice, VP of Corporate Communications at GoDaddy, the six retailers also affected by this massive breach are tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet and Host Europe.

GoDaddy acquired these brands after acquiring web hosting and cloud service companies Host Europe Group in 2017 and Media Temple in 2013.

“A small number of active and inactive managed WordPress users on these brands were affected by the security incident,” Rice told WordPress security firm Wordfence.

“No other brands are affected. These brands have already contacted their respective customers with specific details and recommended action.”

Hacked with a compromised password

The data breach was discovered by GoDaddy last Wednesday, November 17, but as separately revealed in a Monday filing to the US Securities and Exchange Commission, customer data was revealed since at least September 6, 2021, after unknown threat players gained access to the company’s Managed WordPress hosting environment.

“Our investigation is ongoing, but we have determined that on or after September 6, 2021, an unauthorized third party gained access to certain administrative service authorization information, specifically your customer number and email address associated with your account; your WordPress Admin login set at startup; and your sFTP and database usernames and passwords, “GoDaddy told customers in letters about data breaches sent this week.

“This means that the unauthorized party could have accessed and modified your managed WordPress service, including to modify your site and the content stored on it.”

The attackers had access to the following GoDaddy customer information after breaking the company’s delivery system for Managed WordPress:

  • Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number revealed. Exposure to email addresses poses a risk of phishing attacks.
  • The original WordPress Admin password set at the time of preparation was revealed. If this credentials were still in use, we would reset these passwords.
  • For active customers, sFTP and database usernames and passwords were revealed. We reset both passwords.
  • For a subset of active customers, the private SSL key was revealed. We are in the process of issuing and installing new certificates for these customers.

GoDaddy has not yet published a public statement regarding this data breach on its website.

Not the first rodeo

This is not the first data breach or cybersecurity incident that the web hosting giant has revealed in recent years.

Another breach was revealed last year, in May, when GoDaddy warned customers that hackers were using their web hosting account login information to connect to their hosting account via SSH.

GoDaddy’s security team discovered the breach after finding a modified SSH file in the company’s hosting environment and noticed suspicious activity on a subset of GoDaddy’s servers.

In 2019, GoDaddy injected JavaScript into US customers’ websites without their knowledge, potentially rendering them unusable or affecting the overall performance of the websites.

GoDaddy is one of the largest web hosting companies and domain registrars providing services to over 20 million customers worldwide.


Please enter your comment!
Please enter your name here