The web hosting company GoDaddy disclosed a major security breach on Monday, noting that an unauthorized party accessed data belonging to a total of 1.2 million active and inactive customers.
On November 17th, GoDaddy discovered that a malicious third-party had gained access to its Managed WordPress service environment as far back as September 6th. This access was gained using a compromised password on the system.
The third-party had accessed a large amount of data during that time, including email addresses and customer numbers of up to 1.2 million users, the original WordPress administrative password set on accounts at the time of creation, sFTP and database usernames and passwords of active users, and the SSL private keys for a subset of active customers.
GoDaddy stated that it is in the process of issuing and installing new certificates for the impacted customers, as well as resetting affected administrative or database passwords. They have also mentioned implementing new security controls to help prevent any future breaches.
Analyst Notes
While GoDaddy has reset all affected passwords, it is recommended to reset the passwords for all users on impacted WordPress sites in case they have been compromised. Likewise, resetting passwords for any systems or applications that share a password that was compromised in this data breach is highly recommended. Password reuse is abused heavily by threat actors, so this will help prevent any further compromises for affected users. Enabling two-factor authentication on both the GoDaddy service itself as well as for all WordPress users is also highly recommended to help prevent entire system compromise. Users should also validate that any compromised SSL certificates have been rotated for their website, as this has not been fully completed by GoDaddy yet and is critical to prevent sophisticated attacks.
Sources:
https://thehackernews.com/2021/11/godaddy-data-breach-exposes-over-1.html
https://threatpost.com/godaddys-latest-breach-customers/176530/
