
WordPress: One million WordPress sites victims of a data leak


WordPress is much more than a blogging platform. It powers over 42% of all websites. So, whenever there is a vulnerability in WordPress security, it is a big deal.

And today, GoDaddy, the world’s largest web hosting company, with tens of millions more sites than its competitors, reports that the data of 1.2 million of its WordPress customers has been exposed.


A data leak from September

In a document filed with the Securities and Exchange Commission (SEC), GoDaddy Chief Information Security Officer (CISO) Demetrius Comes explains that the company has discovered unauthorized access to the WordPress servers it manages. Specifically, the data leak began on September 6, 2021 and affects 1.2 million GoDaddy-managed WordPress customers, both active and inactive.

The relevant service, according to WordPress, offers streamlined and optimized hosting for building and managing sites on the platform. GoDaddy takes care of basic hosting administrative tasks like WordPress installation, automated daily backups, WordPress core updates, and server-level caching. Subscriptions to the service start at $6.99 per month.

Exposed email, username and password

The victims of this data breach had their email address and customer number exposed. As a result, GoDaddy warns its users that they may be at increased risk of phishing attacks.

The host adds that the original administrator password, created during the initial installation of WordPress, was also exposed. Thus, for users who have never changed their password – and there are many of them – hackers have had access to their website for several months.

Additionally, active customers had their sFTP and database usernames and passwords exposed. GoDaddy has reset both of these passwords. Finally, some active customers had their Secure Sockets Layer (SSL) private key exposed. GoDaddy is in the process of reissuing and installing new certificates for these customers.

Ongoing investigation

In its report, WordFence, a company specializing in WordPress security, states that “it appears that GoDaddy was storing sFTP credentials either in clear text or in a format that could be reversed to plain text. They did this instead of using a salted hash or a public key, both of which are considered industry best practices for sFTP. This allowed an attacker to directly access password credentials without needing to crack them.”
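To make the WordFence point concrete, here is an added example (written for this page, not GoDaddy's or WordFence's code) that puts a reversible credential record beside a salted-hash record and adds a check a defender can run over a credential store to flag entries kept in a reversible form. The sample credential and the PBKDF2 iteration count are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential; not real customer data.
USERNAME = "site-admin"
PASSWORD = "correct horse battery staple"

# Assumed iteration count; tune to current guidance for your deployment.
PBKDF2_ITERATIONS = 210_000


def store_plaintext(password: str) -> dict:
    """Weak scheme: the secret is kept verbatim. Anyone who reads the record
    holds a working password and has nothing to crack."""
    return {"scheme": "plaintext", "secret": password}


def verify_plaintext(record: dict, password: str) -> bool:
    return hmac.compare_digest(record["secret"].encode(), password.encode())


def store_hashed(password: str) -> dict:
    """Salted hash: a random per-record salt plus a slow KDF. A leaked record
    reveals neither the password nor anything that works as one."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {
        "scheme": "pbkdf2-sha256",
        "salt": salt.hex(),
        "iterations": PBKDF2_ITERATIONS,
        "hash": digest.hex(),
    }


def verify_hashed(record: dict, password: str) -> bool:
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    # Constant-time comparison so verification timing leaks nothing about the hash.
    return hmac.compare_digest(digest.hex(), record["hash"])


def find_reversible_records(store: dict) -> list:
    """Audit helper: return the usernames whose credential is stored in a form
    that yields the password directly (here, the plaintext scheme)."""
    return sorted(user for user, rec in store.items() if rec["scheme"] == "plaintext")
```

Note that two hashed records of the same password differ because of the per-record salt, and feeding the stored hash back in as a password does not verify, which is exactly what a cleartext or reversible store fails to guarantee.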

GoDaddy announced that an investigation is underway. The company is contacting all affected customers directly to provide specific details. Customers can also reach the host through its help center, which lists the telephone numbers to call in each affected country.

At this time, this is the only information GoDaddy has made public about the breach.
