GoDaddy, the web hosting company, has reported a data breach of its managed WordPress hosting environment that, so far, is known to have affected 1.2 million customers worldwide. GoDaddy’s chief information security officer, Demetrius Comes, announced that the company had detected unauthorized access to the systems it uses to host and manage its customers’ WordPress sites.
GoDaddy said the intruder got into these systems using a compromised password. The unauthorized access is believed to have begun on Sept. 6; GoDaddy says it discovered the breach last week, on Nov. 17, and disclosed it only hours ago. It is not known whether the compromised account was protected by two-factor authentication.
The breach is known to affect 1.2 million active and inactive WordPress customers.
Online data stolen
For most affected customers, the exposed data is the email address and customer number.
GoDaddy also said that the original WordPress administrator password, the one generated when the site was first provisioned, may have been exposed. Any customer who never changed that password could have had their WordPress site accessed with it.
GoDaddy further explained that, for active customers, the sFTP credentials (used for file transfers) and the usernames and passwords for their WordPress databases, which hold all of the site’s content, may have been extracted. For a subset of active customers, the private key of the site’s SSL/TLS certificate (the one behind HTTPS) was also exposed. With that key, an attacker who can intercept or redirect a visitor’s traffic could impersonate the customer’s website or services until the certificate is replaced and the old one revoked.
GoDaddy says it has reset the exposed passwords and private keys for affected WordPress customers and is in the process of issuing new SSL certificates.
This hosting company has more than 20 million customers worldwide. For now, GoDaddy has declined to comment further while its investigation is ongoing.
Website protection measures
Security experts recommend enabling two-factor authentication on your WordPress login if you have not already done so (WordPress itself does not include it, so it has to be added through a plugin or your hosting provider). With a second factor in place, a leaked password alone is not enough to log in. Note that this protects only the WordPress login: leaked sFTP and database credentials and SSL private keys have to be rotated, which GoDaddy says it has done, and any password you reused elsewhere should be changed.
It is also recommended that you check every file on your site, especially those in the WordPress plugin and theme directories, for anything you did not put there. Attackers who got in with stolen sFTP or admin credentials can plant backdoored plugins or modified files that give them a way back in later, even after the original hole has been patched and the stolen passwords have been changed. Compare file lists and timestamps against a known-good copy or the official plugin packages, and be suspicious of PHP files in directories that should not contain them, such as uploads.
GoDaddy warned that the exposed email addresses could be used for phishing attacks against affected customers.
Be wary of anyone who contacts you offering to “help” clean up your account. The attackers hold the email addresses of every affected customer, so such “offers” may come directly from them as phishing; go to GoDaddy’s site yourself rather than following links in unsolicited messages.