Go Daddy’s popular WordPress hosting service is now suffering the consequences of a serious security leak, or rather, the provider’s customers are. It has become known that unknown persons are said to have gained access to the data of almost 1.2 million customers. In the so-called Managed WordPress instances, information such as e-mail addresses, but also passwords, was accessible.
Compromised password as gateway
At the hosting and domain provider Go Daddy, third parties used a compromised password to gain access to the WordPress provisioning system and thus to users’ data. According to a company statement, this affects customers who use a WordPress instance managed by Go Daddy. In total, the accounts of 1.2 million users are said to have been accessible to the cyber criminals. The attackers are said to have obtained the corresponding e-mail addresses and customer numbers. The situation is particularly problematic for all users who did not change the password set at account creation but kept the one assigned by Go Daddy. That password can now be considered compromised.
Attack since the beginning of September
At the same time, the viewable data was probably anything but insensitive. Active customers must now fear for the security of their passwords for sFTP and the WordPress database. These, as well as SSL keys, are said to have been viewable for the respective users. Nor was the data access a one-time attack. Go Daddy states that the attacks can be traced back to September 6, 2021. However, the incident was only discovered on November 17, 2021, when suspicious accesses to the system were noticed. After the data leak was discovered, Go Daddy intervened immediately and reset the users’ passwords. Law enforcement was also involved in order to track down the attackers, and Go Daddy engaged a specialist IT forensics company. The company also wants to provide more security in the future.
Cause still unknown
In the aftermath of cyberattacks, there is always the question of why and how. This case is no different. Go Daddy is still puzzled as to how the unknown parties were able to get their hands on the compromised password in the first place. What is certain is that this is not the first major attack on the platform. As recently as November 2020, cyber criminals managed to get hold of data belonging to the company’s employees by means of social engineering. The attackers then used the access data to gain access to cryptocurrency platforms, for example.