GoDaddy Discloses Security Breach Data of 1.2 Million WordPress Users Exposed

NTC Data Breach
Share It On:

25th November 2021, Kathmandu

GoDaddy, a domain name registrar center and web hosting organization, revealed a data breach incident that uncovered the data of 1.2 million clients.

A disclosure released by the organization said that in an incident found on November 17, 2021, an unauthorized third party had accessed the organization’s Managed WordPress hosting interface. The unauthorized access was quickly blocked on the discovery, and a forensic investigation was started.

“Utilizing a compromised secret key, an unauthorized third party got to the provisioning system in our legacy code base for Managed WordPress. After distinguishing this incident, we quickly blocked the unauthorized third party from our system.

Our investigation is progressing, however still up in the air starts on September 6, 2021, the unauthorized third party utilized the vulnerability to get access to our client data,” expressed Demetrius Comes, Chief Information Security Officer GoDaddy.

Clients Affected

The notification shared the accompanying client data:

  • Up to 1.2 million active and inactive Managed WordPress clients had their email locations and client numbers uncovered. The exposure of email addresses presents a risk of phishing assaults.
  • The first WordPress Admin secret phrase that was set at the hour of provisioning was uncovered. Assuming those credentials were as yet being used, those passwords were reset.
  • For active clients, sFTP and information base usernames and passwords were uncovered. Both passwords have been reset.
  • For a subset of active clients, the SSL private key was uncovered. We are currently giving and putting in new authentications for those clients.

Strangely, GoDaddy has an assistance page for “My site was hacked. How should I respond?”, posting alerts and best practices to keep.

In May, the organization likewise unveiled a breach last year. In October, it alerted some of its clients that an unauthorized third party utilized their web hosting account credentials to connect with their hosting account through SSH.

GoDaddy’s security group found that occurrence after recognizing a changed SSH file in GoDaddy’s hosting interface and dubious activity on a subset of GoDaddy’s servers.

GoDaddy is one of the world’s biggest domain registrars and a web hosting organization offering services to more than 20 million clients worldwide.

In a blog post on krebsonsecurity.com, Brian Krebs published content regarding how fraudsters redirected email and web traffic destined for cryptocurrency trading platforms, and the attacks were facilitated by scams targeting employees at GoDaddy.


Share It On:

Recent Posts

Citizens Bank 11.11 Deals: Exclusive Discounts on Daraz

Citizens Bank 11.11 Deals: Exclusive Discounts on Daraz

Share It On:5th November 2024, Kathmandu Citizens Bank International Limited signed an agreement with Nepal’s leading online marketplace, Daraz, to

Local Talent Shines in Cybersecurity: Bipu Ojha and Tuan Khuat Win CDU IT CodeFair CTF

Local Talent Shines in Cybersecurity: Bipu Ojha and Tuan Khuat

Share It On:5th November 2024, Kathmandu Bipu Ojha and his teammate Tuan Khuat have emerged as winners in the prestigious

CEDB Hydropower’s Extraordinary General Meeting Concluded: Five Directors Elected

CEDB Hydropower’s Extraordinary General Meeting Concluded: Five Directors Elected

Share It On: 5th November 2024, Kathmandu CEDB Hydropower Development Company Limited has successfully concluded its extraordinary general meeting. CEDB

Government’s Journalist Accident Insurance Program: Apply Now For Your Protection

Government’s Journalist Accident Insurance Program: Apply Now For Your Protection

Share It On: 5th November, Kathmandu The Department of Information and Broadcasting has announced the launch of a new insurance

Nepal Life’s Property Acquisition in Hetauda: A Strategic Move For Growth

Nepal Life’s Property Acquisition in Hetauda: A Strategic Move For

Share It On:5th November, Kathmandu Nepal Life Insurance, a leading life insurance company in Nepal, has recently expanded its footprint

Global IME Dividend Announcement: Key Book Closure Date Revealed

Global IME Dividend Announcement: Key Book Closure Date Revealed

Share It On:5th November 2024, Kathmandu Global IME Bank has good news for its shareholders! The bank has announced a