GoDaddy Discloses Security Breach Data of 1.2 Million WordPress Users Exposed

NTC Data Breach
Share It On:

25th November 2021, Kathmandu

GoDaddy, a domain name registrar center and web hosting organization, revealed a data breach incident that uncovered the data of 1.2 million clients.

A disclosure released by the organization said that in an incident found on November 17, 2021, an unauthorized third party had accessed the organization’s Managed WordPress hosting interface. The unauthorized access was quickly blocked on the discovery, and a forensic investigation was started.

“Utilizing a compromised secret key, an unauthorized third party got to the provisioning system in our legacy code base for Managed WordPress. After distinguishing this incident, we quickly blocked the unauthorized third party from our system.

Our investigation is progressing, however still up in the air starts on September 6, 2021, the unauthorized third party utilized the vulnerability to get access to our client data,” expressed Demetrius Comes, Chief Information Security Officer GoDaddy.

Clients Affected

The notification shared the accompanying client data:

  • Up to 1.2 million active and inactive Managed WordPress clients had their email locations and client numbers uncovered. The exposure of email addresses presents a risk of phishing assaults.
  • The first WordPress Admin secret phrase that was set at the hour of provisioning was uncovered. Assuming those credentials were as yet being used, those passwords were reset.
  • For active clients, sFTP and information base usernames and passwords were uncovered. Both passwords have been reset.
  • For a subset of active clients, the SSL private key was uncovered. We are currently giving and putting in new authentications for those clients.

Strangely, GoDaddy has an assistance page for “My site was hacked. How should I respond?”, posting alerts and best practices to keep.

In May, the organization likewise unveiled a breach last year. In October, it alerted some of its clients that an unauthorized third party utilized their web hosting account credentials to connect with their hosting account through SSH.

GoDaddy’s security group found that occurrence after recognizing a changed SSH file in GoDaddy’s hosting interface and dubious activity on a subset of GoDaddy’s servers.

GoDaddy is one of the world’s biggest domain registrars and a web hosting organization offering services to more than 20 million clients worldwide.

In a blog post on krebsonsecurity.com, Brian Krebs published content regarding how fraudsters redirected email and web traffic destined for cryptocurrency trading platforms, and the attacks were facilitated by scams targeting employees at GoDaddy.


Share It On:

Recent Posts

‘Ncell Woman ICON ICT Award 2024’ presented to Bandana Sharma

‘Ncell Woman ICON ICT Award 2024’ presented to Bandana Sharma

Share It On:26th December 2024, Kathmandu This year’s ‘Ncell Woman ICON ICT Award’ has been conferred on Bandana Sharma, recognizing

456 MW Nepal’s Upper Tamakoshi Resumes Power Generation After Landslide Damage

456 MW Nepal’s Upper Tamakoshi Resumes Power Generation After Landslide

Share It On:25th December 2024, Kathmandu The Upper Tamakoshi Hydroelectric Plant, Nepal’s largest with a 456-megawatt capacity, has resumed partial

Bajaj Platina Mileage Champion 2024: Dhangadhi Event Winners, Performance Highlights, and Fuel Efficiency Showcase

Bajaj Platina Mileage Champion 2024: Dhangadhi Event Winners, Performance Highlights,

Share It On: 25th December 2024, Kathmandu The ‘Bajaj Mileage Champion’ event took place in Dhangadhi, Kailali, where local riders

inDrive Partners with ICT Award 2024, Supports Innovation in Nepal’s Startup Ecosystem

inDrive Partners with ICT Award 2024, Supports Innovation in Nepal’s

Share It On:25th December 2024, kathmandu inDrive a global mobility and urban services platform, is proud to announce the winner of

Citizens Bank Easy Dental Partnership: Exclusive Discounts for Customers

Citizens Bank Easy Dental Partnership: Exclusive Discounts for Customers

Share It On: 25th December 2024, Kathmandu Citizens Bank International Ltd. has entered into a partnership with Easy Dental Pvt.

Bajaj Motorcycle Finance Fair 2024 in Nepal: Low Interest Rates & Easy Loan Approval

Bajaj Motorcycle Finance Fair 2024 in Nepal: Low Interest Rates

Share It On:25th December 2024, Kathmandu Hansraj Hulaschand & Company Pvt. Ltd., the official dealer of Bajaj Motorcycles in Nepal,