Starting with a recently published disclosure on the United States Securities and Exchange Commission (SEC), GoDaddy shared with the public and its customers that a data breach occurred with their Managed WordPress customers in September. It appears the breach also affected Media Temple, Domain Factory, Heart Internet, and Host Europe.
GoDaddy said an unauthorized person used a compromised password to gain access to their systems around September 6. GoDaddy said it first discovered the breach last week on November 17. This breach impacts up to 1.2 million WordPress customers — and potentially more sites since customers can and often do have more than one site in their account.
The attacker had access to user email addresses and customer numbers plus the original WordPress Admin password that was set at the time of provisioning as well as SSL private keys. Wordfence also notes the sFTP and database usernames and passwords of active customers were accessible to the attacker. This was possible because the "sFTP passwords [were stored] in such a way that the plaintext versions of the passwords could be retrieved, rather than storing salted hashes of these passwords, or providing public key authentication, which are both industry best practices."
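The storage difference Wordfence describes, as an added example that is not GoDaddy's or Wordfence's code: a reversible record hands the plaintext to anyone who can read the credential store, while a salted hash only allows a login attempt to be checked. The function names, the record format and the scrypt cost parameters are assumptions made for this illustration; public key authentication, the other practice named in the quote, is not shown.

```python
import base64
import hashlib
import hmac
import secrets

# scrypt cost parameters: assumed values for this example, tune for your hardware
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def store_reversible(password: str) -> str:
    """Weak pattern: an encoding (or encryption with a key kept beside the
    data) that anyone who can read the store can undo."""
    return base64.b64encode(password.encode()).decode()


def recover_reversible(record: str) -> str:
    """What a reader of the store can do with the weak record."""
    return base64.b64decode(record).decode()


def store_hashed(password: str) -> str:
    """Salted scrypt hash: fresh random salt per record, no path back to plaintext."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_hashed(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, salt_hex, digest_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # a malformed record never authenticates
    if scheme != "scrypt":
        return False
    actual = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    pw = "constructed-sftp-password"  # constructed sample value
    print(recover_reversible(store_reversible(pw)))  # plaintext comes straight back
    a, b = store_hashed(pw), store_hashed(pw)
    print(a != b, verify_hashed(pw, a), verify_hashed("wrong-guess", a))
```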
For now, anyone using GoDaddy’s Managed WordPress hosting should assume their sites have been compromised and change their passwords, enable two-factor authentication where possible, and watch out for odd emails. If you run an ecommerce site, Mark Maunder warns that "you may be required to notify your customers of the breach" depending on regulatory requirements in your jurisdiction.
POST STATUS ANALYSIS
This isn’t something you want to see happen at all, especially on a Black Friday week after a big acquisition you made the week prior. There are likely to be some far-reaching consequences and repercussions here but it’s too soon to tell.
The timing and nature of this attack bring back memories of a similar breach that came to light on Black Friday weekend in 2009 at Media Temple before GoDaddy acquired it. Have hosts become more diligent about security in the past decade? News of big data breaches has become so commonplace that it seems less remarkable now. At least disclosures about security failures seem to be more complete and forthcoming once they are detected. But that isn’t much consolation to customers whose sites are hacked.