● GoDaddy Data Breach

Wed Nov 24, 2021 11:52 pm
Clan Leader
Top Dog
Nuke Dev / Coder
3015 Posts
coRpSE
Currently Offline
Offline

Most Played:
This week: 77.7hrs.
Total Played: 195hrs.


  
There is life outside of the game.
Reputation: 7317.9
votes: 7
Expand


Millions of GoDaddy customer data compromised in breach

Domain name registrar giant and hosting provider GoDaddy yesterday disclosed to the Securities and Exchange Commission (SEC) that it had suffered a security breach.

In the notice, it explained it had been compromised via an “unauthorized third-party access to our Managed WordPress hosting environment.” The unknown culprit behind the attack stole up to 1.2 million active and inactive customer data, including email addresses, original WordPress admin passwords, Secure File Transfer Protocol (sFTP) and database credentials, and SSL private keys.

Expand

The company said it has taken measures to secure accounts and the environment, such as resetting passwords and blocking the unauthorised third-party from accessing its system, and said it will be issuing new certificates for specific customers.

GoDaddy first detected suspicious activity in its Managed WordPress hosting environment on Wednesday last week. According to initial investigations, the intruder used a compromised password to access legacy code in GoDaddy’s environment to steal data. Investigations are ongoing.

“We are sincerely sorry for this incident and the concern it causes for our customers,” wrote Demetrius Comes, GoDaddy’s Chief Information Security Officer (CISO), “We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”

According to researchers from Defiant Inc, developers of Wordfence—a plugin for securing WordPress sites—GoDaddy has been handling sFTP in a way that doesn’t follow standard practices: “It appears that GoDaddy was storing sFTP credentials either as plaintext, or in a format that could be reversed into plaintext. They did this rather than using a salted hash, or a public key, both of which are considered industry best practices for sFTP. This allowed an attacker direct access to password credentials without the need to crack them.”

GoDaddy customer? Here’s what to do
If you use GoDaddy’s hosting service and are unsure if your account might be one of those affected, do not leave this to chance. Act now before someone takes the opportunity to take over your account.

GoDaddy has provided
Please login to see this link
Get registered or Log in
to lock down an account that might be potentially compromised:


  • Change your password and your PIN

  • Enable
    Please login to see this link
    Get registered or Log in
    if you haven’t already.

  • Please login to see this link
    Get registered or Log in
    you have stored in your account, and delete those you don’t use. It would also be good to keep an eye on your bank account transactions and be ready to flag those that are fraudulent.

  • Please login to see this link
    Get registered or Log in
    for anyone you’ve allowed into your account.

  • Please login to see this link
    Get registered or Log in
    any unknown API keys by deleting them.

  • Please login to see this link
    Get registered or Log in
    is correct to avoid someone taking it over.

  • Please login to see this link
    Get registered or Log in
    of your GoDaddy account, which will sign you out of all devices and browsers.

Stay safe!



Article written & copied from Malwarebytes Labs.
Please login to see this link
Get registered or Log in


This is being posted for I know some of you use GoDaddy for different things and I want to do my part in trying to help keep you safe by sharing this news that has been for the most part going under the radar.


Expand
Forums ©