news GoDaddy data breach exposes information from over 1 million people

[accurate]

Customer information including email addresses, account numbers and passwords related to more than one million GoDaddy users was exposed in a data breach, the company said in a Monday regulatory filing.

The exposure of account passwords could put GoDaddy users at risk of having their accounts taken over by cybercriminals, while the compromise of the email addresses increases the odds that they'll eventually be used in phishing attacks.

Up to 1.2 million active and inactive managed WordPress customers had their email addresses and customer account numbers exposed, GoDaddy said. In addition, original WordPress administrative passwords that were created during the account setup process were exposed. If those credentials were still in use, the company said it has reset them.

GoDaddy data breach exposes information from over 1 million people

Compromised data includes customer account numbers, email addresses and passwords.

www.cnet.com

 

[accurate]

WordFence posted about it as well.

GoDaddy Breached - Plaintext Passwords - 1.2M Affected

There is an update available here: GoDaddy Breach Widens to tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe This morning, GoDaddy disclosed that an unknown attacker had gained unauthorized access to the system used to provision the company’s Managed WordPress...

www.wordfence.com

 

[Deleted member 322971123]

It's almost on every security blog. That's a lots of websites got affected

 

[amplify]

I would have expected more of an impact on $GDDY following yesterday's decline this pre-market... but looking pretty flat so far.

 

[Deleted member 322971123]

I would have expected more of an impact on $GDDY following yesterday's decline this pre-market... but looking pretty flat so far.

It's trending on Twitter also.

 

[Domainnature]

This are happy and great news, finally justice to be served.

 

[amplify]

This are happy and great news, finally justice to be served.

Justice is only served when the hackers are caught. They have caused untold millions of dollars in losses already.

That is not justice.

 

[Domainnature]

Justice is only served when the hackers are caught. They have caused untold millions of dollars in losses already.

That is not justice.

Godaddy deserved it in full, that is why I m happy.
P.s. there was a recent topic about removed domains from someones account, did you delete the topic? I was interested to read what happened.

 

[amplify]

Godaddy deserved it in full, that is why I m happy.

There are real people that are affected behind the scenes, not counting the ones that had their content hosted and could be a target to even customers of theirs, so we'll just have to agree to disagree.

P.s. there was a recent topic about removed domains from someones account, did you delete the topic? I was interested to read what happened.

No. The poster looks like they marked it "controversial" so only logged-in members can see it (if you log out you cannot read it):

https://www.dnforum.com/threads/domain-removed-from-my-account-without-notice.600443/

 

[Domainnature]

No. The poster looks like they marked it "controversial" so only logged-in members can see it (if you log out you cannot read it):

https://www.dnforum.com/threads/domain-removed-from-my-account-without-notice.600443/

I get now my browser showed some error but now I was able to see it, thanks.

 

[Domainnature]

Today I got e-mail from Godaddy, because I used some years ago their hosting services.

Dear Fxxxx,

We are writing to inform you of a security incident impacting our GoDaddy Managed WordPress environment you once purchased and used. According to our records your Managed WordPress account is no longer active.

On November 17, we identified suspicious activity in our WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and have contacted law enforcement. Our investigation is ongoing, but we have determined that, on or about September 6, 2021, an unauthorized third party gained access to your customer number, email address associated with your previously used Managed WordPress account; and the password you first used when setting up your WordPress Admin login.

If you use that same password for other accounts, we recommend you change your password to those accounts and adopt data security best practices, such as choosing a strong unique password, regularly changing it, and enabling multi-factor authentication where available. We also recommend that you remain vigilant for potentially fraudulent communications sent to your email address purporting to be from GoDaddy or other third parties.

For residents living in California, Colorado, Delaware, Illinois, New York, New Jersey, Oregon, Vermont, Washington, and Wyoming, please visit https://www.godaddy.com/help/a-41004 for additional resources that describe additional steps you can take to help protect your information, including recommendations by the Federal Trade Commission regarding identity theft protection and details on how to place a fraud alert or a security freeze on your credit file.

Thank you,

Demxxxxxx Coxxx

Chief Information Security Officer

 

[amplify]

It appears that GoDaddy was storing sFTP credentials either as plaintext, or in a format that could be reversed into plaintext. They did this rather than using a salted hash, or a public key, both of which are considered industry best practices for sFTP. This allowed an attacker direct access to password credentials without the need to crack them.

Source: https://www.wordfence.com/blog/2021/11/godaddy-breach-plaintext-passwords/



Tell me it's not about Epik or @robmonster without telling me it's not about Epik or Rob now. I hear crickets from the likes of Brad Mugford, Johnn, and company, who should be all over this one as well if all things were equal.

Or do they have a vested interest in GoDaddy where it would hurt much more if there was day-in-day-out negative press? I mean, GoDaddy is a publicly-traded company after all. Epik recovered, and so can GoDaddy. I would just like to see equality, at a minimum, is all.



Also, NamePros classifies GoDaddy's breach as regular domaining news while Epik's is a Warning and Alert.

One of these isn't like the other... or is it?

 

[accurate]

Thanks for sharing.

Today I got e-mail from Godaddy, because I used some years ago their hosting services.

Dear Fxxxx,

We are writing to inform you of a security incident impacting our GoDaddy Managed WordPress environment you once purchased and used. According to our records your Managed WordPress account is no longer active.

On November 17, we identified suspicious activity in our WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and have contacted law enforcement. Our investigation is ongoing, but we have determined that, on or about September 6, 2021, an unauthorized third party gained access to your customer number, email address associated with your previously used Managed WordPress account; and the password you first used when setting up your WordPress Admin login.

If you use that same password for other accounts, we recommend you change your password to those accounts and adopt data security best practices, such as choosing a strong unique password, regularly changing it, and enabling multi-factor authentication where available. We also recommend that you remain vigilant for potentially fraudulent communications sent to your email address purporting to be from GoDaddy or other third parties.

For residents living in California, Colorado, Delaware, Illinois, New York, New Jersey, Oregon, Vermont, Washington, and Wyoming, please visit https://www.godaddy.com/help/a-41004 for additional resources that describe additional steps you can take to help protect your information, including recommendations by the Federal Trade Commission regarding identity theft protection and details on how to place a fraud alert or a security freeze on your credit file.

Thank you,

Demxxxxxx Coxxx

Chief Information Security Officer

 

[Biggie]

Hi

really interesting to read the comments here
it tells so much

imo....

 

[accurate]

What do you mean @Biggie?

Hi

really interesting to read the comments here
it tells so much

imo....

 

[amplify]

Hi

really interesting to read the comments here
it tells so much

imo....

Do explain... I think I've made myself very clear that the hackers are the root of the issue in both cases without beating a dead horse.

 

[accurate]

GoDaddy data breach hits WordPress hosting services resellers​

GoDaddy data breach hits WordPress hosting services resellers

GoDaddy says the recently disclosed data breach affecting roughly 1.2 million customers has also hit multiple Managed WordPress services resellers.

www.bleepingcomputer.com

 

[accurate]

GoDaddy just realized it was hacked months ago​

GoDaddy just realized it was hacked months ago

Better late than never.

mashable.com

 

[sophiajack1012]

N) said on Monday email addresses of up to 1.2 million active and inactive Managed WordPress customers had been exposed to unauthorized third-party access. ... The company said the incident was discovered on Nov.

 

[sophiajack1012]

GoDaddy says data breach exposed over a million user accounts. ... In a filing with the Securities and Exchange Commission, GoDaddy's chief information security officer Demetrius Comes said the company detected unauthorized access to its systems where it hosts and manages its customers' WordPress servers.