A recent GoDaddy WordPress breach could have affected your site. According to a statement filed with the SEC, GoDaddy suffered a security breach that gave an attacker access to more than 1 million email addresses. These belonged to the company’s active and inactive Managed WordPress subscribers.
In early September, according to the business, the attacker “used a compromised password” to obtain access to a provisioning system, meaning the system that sets up and automatically configures new sites when clients create them. According to GoDaddy, the intrusion was discovered on November 17th, and the attacker was immediately locked out before an investigation was launched and law enforcement was contacted.
The hackers had access to much more than email addresses. They even had access to the provisioner’s original WordPress admin login, as well as the passwords for active users’ databases and sFTP systems. Some users’ private SSL keys were also exposed, according to the firm. The private key is responsible for verifying that a site is who it claims to be, and it is required to power the little lock icon you sometimes see in your URL bar.
GoDaddy WordPress breach & the company’s response
GoDaddy said it’s attempting to address the problems by resetting affected passwords and, if necessary, regenerating security certificates. “All impacted consumers will be contacted individually with particular facts,” the company said. While those appear to be reasonable precautions, having to deal with a password reset will most likely be inconvenient for some individuals.
GoDaddy did not immediately reply to a request for comment on how the attacker got access to the password that the business claims was used to access its systems. However, its announcement does state that the inquiry is still underway.
Phishing or social engineering has been blamed for recent attacks at other firms (though there have also been instances of simply poor passwords). When it comes to bogus emails, GoDaddy has a bad history of testing its employees’ cybersecurity awareness, but attackers only need to get lucky once to gain access to massive amounts of data.