GoDaddy Discloses Security Breach Data of 1.2 Million WordPress Users Exposed

NTC Data Breach
Share It On:

25th November 2021, Kathmandu

GoDaddy, a domain name registrar center and web hosting organization, revealed a data breach incident that uncovered the data of 1.2 million clients.

A disclosure released by the organization said that in an incident found on November 17, 2021, an unauthorized third party had accessed the organization’s Managed WordPress hosting interface. The unauthorized access was quickly blocked on the discovery, and a forensic investigation was started.

“Utilizing a compromised secret key, an unauthorized third party got to the provisioning system in our legacy code base for Managed WordPress. After distinguishing this incident, we quickly blocked the unauthorized third party from our system.

Our investigation is progressing, however still up in the air starts on September 6, 2021, the unauthorized third party utilized the vulnerability to get access to our client data,” expressed Demetrius Comes, Chief Information Security Officer GoDaddy.

Clients Affected

The notification shared the accompanying client data:

  • Up to 1.2 million active and inactive Managed WordPress clients had their email locations and client numbers uncovered. The exposure of email addresses presents a risk of phishing assaults.
  • The first WordPress Admin secret phrase that was set at the hour of provisioning was uncovered. Assuming those credentials were as yet being used, those passwords were reset.
  • For active clients, sFTP and information base usernames and passwords were uncovered. Both passwords have been reset.
  • For a subset of active clients, the SSL private key was uncovered. We are currently giving and putting in new authentications for those clients.

Strangely, GoDaddy has an assistance page for “My site was hacked. How should I respond?”, posting alerts and best practices to keep.

In May, the organization likewise unveiled a breach last year. In October, it alerted some of its clients that an unauthorized third party utilized their web hosting account credentials to connect with their hosting account through SSH.

GoDaddy’s security group found that occurrence after recognizing a changed SSH file in GoDaddy’s hosting interface and dubious activity on a subset of GoDaddy’s servers.

GoDaddy is one of the world’s biggest domain registrars and a web hosting organization offering services to more than 20 million clients worldwide.

In a blog post on krebsonsecurity.com, Brian Krebs published content regarding how fraudsters redirected email and web traffic destined for cryptocurrency trading platforms, and the attacks were facilitated by scams targeting employees at GoDaddy.


Share It On:

Recent Posts

Liberty Energy Rights Shares Offering: Eligibility, Application Process, and Future Plans

Liberty Energy Rights Shares Offering: Eligibility, Application Process, and Future

Share It On:22nd November 2024, Kathmandu Liberty Energy Company Limited is gearing up to issue rights shares starting December 1,

Asha Laghubitta’s 8th AGM 2024: Key Decisions and Future Plans

Asha Laghubitta’s 8th AGM 2024: Key Decisions and Future Plans

Share It On:22nd November 2024, Kathmandu Asha Laghubitta Bittiya Sanstha is holding its 8th Annual General Meeting (AGM) today, November

6th Asian Population Conference 2024 in Nepal: Advancing Sexual and Reproductive Health Policies

6th Asian Population Conference 2024 in Nepal: Advancing Sexual and

Share It On: 21st November, Kathmandu Nepal is set to host the 6th Asian Population Conference from November 27 to

Kumari Bank Promoter Share Sale: Eligibility, Application Process, and Price

Kumari Bank Promoter Share Sale: Eligibility, Application Process, and Price

Share It On:21st November, Kathmandu Kumari Bank Limited has officially declared its intention to sell a substantial number of promoter

Up to NPR 150 Cashback on Nepal Telecom and Ncell Services with Namaste Pay

Up to NPR 150 Cashback on Nepal Telecom and Ncell

Share It On:21st November, Kathmandu Namaste Pay has unveiled an exciting new campaign to reward its users with cashback on

Ncell introduces innovative feature, enabling customers to convert voice to data or data to voice services

Ncell introduces innovative feature, enabling customers to convert voice to

Share It On:21st November, Kathmandu Ncell customers can enjoy an innovative feature that allows them to convert or exchange remaining