Web Hosting Giant GoDaddy Finds Out Of Its Network Hacked Two Months Later

By: Yuriy Stanislavskiy | 24.11.2021, 14:05
Web Hosting Giant GoDaddy Finds Out Of Its Network Hacked Two Months Later

This week, web hosting giant GoDaddy reported a successful attack on its network that compromised the data of more than 1.2 million of its customers. The news came from documents filed by the company with the US Securities and Exchange Commission (SEC) on Monday. Information filed by GoDaddy with the SEC shows that they learned of the hack more than two months later. On November 17, GoDaddy learned that an unknown party had managed to compromise its networks in early September.

On the positive side, GoDaddy immediately took the necessary steps to limit the damage to those affected by the violation as soon as they became aware of it. The bad news is that they found out more than two months later.

What's hacked

  • The data of 1.2 million users of active and inactive managed WordPress instances were affected - emails and numbers.
  • the original WordPress admin passwords set at the time the network was attacked. Now these passwords have been changed.
  • Username and password pairs for sFTP and active user databases have also been leaked - now changed for security reasons.
  • the private SSL keys of some still active clients. The company is in the process of issuing and installing new certificates for the clients in question.

GoDaddy said in a post that a currently unknown party was able to access the Managed WordPress hosting environment - a service the company provides to manage WordPress installations for its customers - after stealing credentials and gaining access to a service system in the currently unsupported Managed codebase. WordPress.

What is fraught with

The dangers to injured users are few and varied here. In addition to conducting phishing campaigns, hackers can use stolen data to completely hijack WP sites, and then demand a ransom for the return of access to them from their owners, distribute malicious code among visitors to these sites, and carry out other types of attacks.

A source: sec.gov