GoDaddy data breach: 1.2M user profiles, including passwords, exposed

By Kim Komando

November 23, 2021

© Awargula | Dreamstime.com

At any given point, there are almost 2 billion websites on the internet. Each is hosted on a server. GoDaddy is one of the original web hosting businesses, and it’s also the largest, facilitating around 62 million domains.

Do you run your own website? Tap or click here to for five signs that it’s outdated.

While it’s wise to go with one of the most established web hosting companies, a large number of GoDaddy customers recently learned that can also make it a big target. A recently-discovered data breach has exposed more than 1 million user records.

Here’s the backstory

Hosting a website comes in many forms, but the most popular is to use the WordPress platform for content management. This is the back-end tool that allows you to add content, products, blog posts or photos.

Many customers have combined the two, hosting their site through GoDaddy and using the WordPress platform. This is what GoDaddy calls its “Managed WordPress hosting environment.” But if you opted for that package, you might have had your details exposed.

This week, the company informed the Securities and Exchange Control (SEC) that it suffered a security breach to its Managed WordPress hosting environment, exposing account data of about 1.2 million customers.

In the SEC filing, GoDaddy detailed that hackers used a compromised password and gained access to the provisioning system on Sept. 6, 2021. Once detected, an immediate investigation was launched by GoDaddy and an undisclosed IT forensics firm. While the attack was stopped, the hackers managed to get their hands on:

• Up to 1.2 million active and inactive Managed WordPress customers’ email address and customer number.
• The original WordPress Admin password that was set at the time of provisioning.
• sFTP and database usernames/passwords for active customers.
• The SSL private key for a small amount of active customers.

What you can do about it

If you have been part of a breach, there are a few things that you can do to protect your data and personal information. In this case, GoDaddy said that it has already reset the original WordPress Admin passwords and the sFTP passwords for active users.

But the exposed email addresses of the 1.2 million customers do pose a significant email phishing concern. Here are some safety steps to take:

• Be cautious when you receive an email from GoDaddy in the next few days. Make sure that it is a legitimate email from GoDaddy by scrutinizing the sender email address and the text. Scammers usually make small mistakes or typos in scam mails.
• Do the same with emails seemingly coming from other companies, as you may now be the target of additional phishing attacks like these.
• Check whether your details have been exposed by entering your email address into haveibeenpwned.com. The site will let you know when and where your details have been leaked.
• Check your financial statements and look for any suspicious activity. If you see any unauthorized transactions, immediately notify your bank or credit card provider.
• Change all your passwords – especially if you use the same password for multiple sites and services. Use a password manager for added security, and where possible use two-factor authentication (2FA) when offered. Tap or click here for additional tips to secure all of your online accounts.

Keep reading

Part of a data breach? These are the steps to take immediately

3 websites that gather and sell your info – And how to delete it

Tags: breaches, Email Phishing, GoDaddy, hackers, internet, security, two-factor authentication