[German]This is a heavy stroke for many people with web presences. The US hoster GoDaddy has become a victim of a cyberattack. The attackers managed to gain access to the Managed WordPress hosting environment of this provider.
On November 22, 2021, GoDaddy sent a notification to the US Securities and Exchange Commission (SEC) disclosing the hack. On November 17, 2021, the host's technicians discovered unauthorized third-party access to the Managed WordPress hosting environment in use. The following has been disclosed regarding the facts of the case so far:
- The hoster's technicians detected suspicious activity in the Managed WordPress hosting environment and immediately launched an investigation with the help of an IT forensics company, as well as contacted law enforcement.
- What is clear is that the attackers used a compromised password to gain access to the provisioning system of GoDaddy's legacy codebase for Managed WordPress.
The attacker was indeed immediately locked out of the system when the accesses were noticed. However, the attacker probably succeeded in accessing customer data, although the evaluation is not yet complete. The current findings are as follows:
- The incident exposed up to 1.2 million active and inactive Managed WordPress customers with their email address and customer number. The exposure of email addresses poses a risk of phishing attacks.
- The original WordPress administrator password set at the time of deployment has been exposed. If those credentials were still in use, GoDaddy technicians reset those passwords.
- For active customers, the usernames and passwords for sFTP and the database were exposed. GoDaddy technicians reset both passwords.
- For a subset of active customers, the SSL private key was exposed. GoDaddy technicians are in the process of issuing and installing new certificates for these customers.
The investigation into the incident is still ongoing. GoDaddy has announced that it will contact all affected customers directly to provide them with specific details. Customers can also contact the provider via the Help Center (https://www.godaddy.com/help).
All in all, a bitter blow – I have not yet been able to clarify whether HostEurope, which has been part of the GoDaddy group since 2017, is also affected. However, since I have not received any notification so far, I assume that these customers are not affected. In general, GoDaddy (as a low-cost hoster) regularly attracts attention due to security incidents – the colleagues from Bleeping Computer have outlined some of these incidents here.
Follow up article: GoDaddy hack also affects hosting resellers
GoDaddy has to be one of the cheapest, as well as one the most flimsy of outfits. I wouldn't trust them with my trash bin.