news GoDaddy data breach exposes information from over 1 million people

accurate

Level 8
Joined
Sep 28, 2012
Messages
1,115
Reaction score
430
Feedback: 0 / 0 / 0
Customer information including email addresses, account numbers and passwords related to more than one million GoDaddy users was exposed in a data breach, the company said in a Monday regulatory filing.
The exposure of account passwords could put GoDaddy users at risk of having their accounts taken over by cybercriminals, while the compromise of the email addresses increases the odds that they'll eventually be used in phishing attacks.

Up to 1.2 million active and inactive managed WordPress customers had their email addresses and customer account numbers exposed, GoDaddy said. In addition, original WordPress administrative passwords that were created during the account setup process were exposed. If those credentials were still in use, the company said it has reset them.

 

accurate

Level 8
Joined
Sep 28, 2012
Messages
1,115
Reaction score
430
Feedback: 0 / 0 / 0
WordFence posted about it as well.

 

Furquan

DNForum Admin
DNF Staff
Epik Brand Ambassador
Joined
Dec 19, 2019
Messages
368
Reaction score
275
Feedback: 2 / 0 / 0
It's almost on every security blog. That's a lots of websites got affected
 

amplify

DNForum Moderator
DNF Staff
Joined
Sep 15, 2009
Messages
3,412
Reaction score
1,154
Feedback: 68 / 0 / 0
I would have expected more of an impact on $GDDY following yesterday's decline this pre-market... but looking pretty flat so far.
 

Furquan

DNForum Admin
DNF Staff
Epik Brand Ambassador
Joined
Dec 19, 2019
Messages
368
Reaction score
275
Feedback: 2 / 0 / 0
I would have expected more of an impact on $GDDY following yesterday's decline this pre-market... but looking pretty flat so far.
It's trending on Twitter also. Trend.png
 

Neoget

Level 5
Joined
Jul 5, 2021
Messages
279
Reaction score
126
Feedback: 0 / 0 / 0
This are happy and great news, finally justice to be served.
 

amplify

DNForum Moderator
DNF Staff
Joined
Sep 15, 2009
Messages
3,412
Reaction score
1,154
Feedback: 68 / 0 / 0
This are happy and great news, finally justice to be served.
Justice is only served when the hackers are caught. They have caused untold millions of dollars in losses already.

That is not justice.
 

Neoget

Level 5
Joined
Jul 5, 2021
Messages
279
Reaction score
126
Feedback: 0 / 0 / 0
Justice is only served when the hackers are caught. They have caused untold millions of dollars in losses already.

That is not justice.
Godaddy deserved it in full, that is why I m happy.
P.s. there was a recent topic about removed domains from someones account, did you delete the topic? I was interested to read what happened.
 

amplify

DNForum Moderator
DNF Staff
Joined
Sep 15, 2009
Messages
3,412
Reaction score
1,154
Feedback: 68 / 0 / 0
Godaddy deserved it in full, that is why I m happy.
There are real people that are affected behind the scenes, not counting the ones that had their content hosted and could be a target to even customers of theirs, so we'll just have to agree to disagree.
P.s. there was a recent topic about removed domains from someones account, did you delete the topic? I was interested to read what happened.
No. The poster looks like they marked it "controversial" so only logged-in members can see it (if you log out you cannot read it):
 

Neoget

Level 5
Joined
Jul 5, 2021
Messages
279
Reaction score
126
Feedback: 0 / 0 / 0
Today I got e-mail from Godaddy, because I used some years ago their hosting services.

Dear Fxxxx,

We are writing to inform you of a security incident impacting our GoDaddy Managed WordPress environment you once purchased and used. According to our records your Managed WordPress account is no longer active.

On November 17, we identified suspicious activity in our WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and have contacted law enforcement. Our investigation is ongoing, but we have determined that, on or about September 6, 2021, an unauthorized third party gained access to your customer number, email address associated with your previously used Managed WordPress account; and the password you first used when setting up your WordPress Admin login.

If you use that same password for other accounts, we recommend you change your password to those accounts and adopt data security best practices, such as choosing a strong unique password, regularly changing it, and enabling multi-factor authentication where available. We also recommend that you remain vigilant for potentially fraudulent communications sent to your email address purporting to be from GoDaddy or other third parties.

For residents living in California, Colorado, Delaware, Illinois, New York, New Jersey, Oregon, Vermont, Washington, and Wyoming, please visit https://www.godaddy.com/help/a-41004 for additional resources that describe additional steps you can take to help protect your information, including recommendations by the Federal Trade Commission regarding identity theft protection and details on how to place a fraud alert or a security freeze on your credit file.

Thank you,

Demxxxxxx Coxxx

Chief Information Security Officer
 

amplify

DNForum Moderator
DNF Staff
Joined
Sep 15, 2009
Messages
3,412
Reaction score
1,154
Feedback: 68 / 0 / 0
It appears that GoDaddy was storing sFTP credentials either as plaintext, or in a format that could be reversed into plaintext. They did this rather than using a salted hash, or a public key, both of which are considered industry best practices for sFTP. This allowed an attacker direct access to password credentials without the need to crack them.
Source: https://www.wordfence.com/blog/2021/11/godaddy-breach-plaintext-passwords/

1637761191123.png

Tell me it's not about Epik or @robmonster without telling me it's not about Epik or Rob now. I hear crickets from the likes of Brad Mugford, Johnn, and company, who should be all over this one as well if all things were equal.

Or do they have a vested interest in GoDaddy where it would hurt much more if there was day-in-day-out negative press? I mean, GoDaddy is a publicly-traded company after all. Epik recovered, and so can GoDaddy. I would just like to see equality, at a minimum, is all.

1637761291457.png

Also, NamePros classifies GoDaddy's breach as regular domaining news while Epik's is a Warning and Alert.

One of these isn't like the other... or is it? 🤔
 

accurate

Level 8
Joined
Sep 28, 2012
Messages
1,115
Reaction score
430
Feedback: 0 / 0 / 0
Thanks for sharing.

Today I got e-mail from Godaddy, because I used some years ago their hosting services.

Dear Fxxxx,

We are writing to inform you of a security incident impacting our GoDaddy Managed WordPress environment you once purchased and used. According to our records your Managed WordPress account is no longer active.

On November 17, we identified suspicious activity in our WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and have contacted law enforcement. Our investigation is ongoing, but we have determined that, on or about September 6, 2021, an unauthorized third party gained access to your customer number, email address associated with your previously used Managed WordPress account; and the password you first used when setting up your WordPress Admin login.

If you use that same password for other accounts, we recommend you change your password to those accounts and adopt data security best practices, such as choosing a strong unique password, regularly changing it, and enabling multi-factor authentication where available. We also recommend that you remain vigilant for potentially fraudulent communications sent to your email address purporting to be from GoDaddy or other third parties.

For residents living in California, Colorado, Delaware, Illinois, New York, New Jersey, Oregon, Vermont, Washington, and Wyoming, please visit https://www.godaddy.com/help/a-41004 for additional resources that describe additional steps you can take to help protect your information, including recommendations by the Federal Trade Commission regarding identity theft protection and details on how to place a fraud alert or a security freeze on your credit file.

Thank you,

Demxxxxxx Coxxx

Chief Information Security Officer
 

Biggie

DNForum Moderator
DNF Staff
Joined
Sep 4, 2002
Messages
14,721
Reaction score
2,006
Feedback: 166 / 0 / 0
Hi

really interesting to read the comments here
it tells so much

imo....
 

amplify

DNForum Moderator
DNF Staff
Joined
Sep 15, 2009
Messages
3,412
Reaction score
1,154
Feedback: 68 / 0 / 0
Hi

really interesting to read the comments here
it tells so much

imo....
Do explain... I think I've made myself very clear that the hackers are the root of the issue in both cases without beating a dead horse.
 

sophiajack1012

Level 1
Joined
Jan 24, 2022
Messages
10
Reaction score
1
Feedback: 0 / 0 / 0
N) said on Monday email addresses of up to 1.2 million active and inactive Managed WordPress customers had been exposed to unauthorized third-party access. ... The company said the incident was discovered on Nov.
 

sophiajack1012

Level 1
Joined
Jan 24, 2022
Messages
10
Reaction score
1
Feedback: 0 / 0 / 0
GoDaddy says data breach exposed over a million user accounts. ... In a filing with the Securities and Exchange Commission, GoDaddy's chief information security officer Demetrius Comes said the company detected unauthorized access to its systems where it hosts and manages its customers' WordPress servers.
 
Top Bottom