Over a million WordPress sites breached

WordPress is much more than a blogging platform: it powers over 42% of all websites, so any WordPress security flaw is a big deal. Now GoDaddy, the world’s largest web hosting company with tens of millions more sites than its competitors, has announced that data on 1.2 million of its WordPress customers has been compromised. Demetrius Comes, GoDaddy’s chief information security officer (CISO), disclosed in a Securities and Exchange Commission (SEC) filing that the company had discovered unauthorised access to its managed WordPress hosting environment. The intruder had access from September 6, 2021, and the breach exposed information on 1.2 million active and inactive managed WordPress customers.
WordPress describes this managed service as “streamlined, optimised hosting for building and managing WordPress sites.” GoDaddy handles the basic hosting administration, including WordPress installation, automated daily backups, WordPress core updates, and server-level caching; plans start at $6.99 per month. Customers’ email addresses and phone numbers were exposed, and GoDaddy warns that this increases their exposure to phishing attacks. The original WordPress admin password, set when WordPress was first installed, was also exposed, according to the web host. If you never changed that password, an attacker could have had access to your website for months.
Active customers’ sFTP and database usernames and passwords were also exposed; GoDaddy has reset both. Finally, the Secure Sockets Layer (SSL) private key of a subset of active customers was exposed, and GoDaddy is reissuing and installing fresh certificates for those customers. In its analysis, the WordPress security firm WordFence wrote: “GoDaddy appears to have been keeping sFTP passwords in plaintext or a format that could be reversed into plaintext. Instead of utilising a salted hash or a public key, which are both considered industry best practices for sFTP, they did this. An attacker could now get direct access to password credentials without having to crack them.”
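To make the storage point concrete, here is an added illustration (not GoDaddy’s or WordFence’s code) contrasting a reversible credential record with a per-user salted hash: a stolen reversible record hands over the password directly, while a salted hash forces an attacker to guess. The sample username and password are constructed; base64 stands in for whatever reversible format was actually used.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample credential, standing in for a managed-hosting sFTP login.
SAMPLE_USER = "site12345"
SAMPLE_PASSWORD = "constructed-example-password"


def store_reversible(password: str) -> str:
    """The weak pattern: a record that can be turned straight back into the password."""
    return base64.b64encode(password.encode()).decode()


def recover_from_reversible(record: str) -> str:
    """Anyone holding the record (e.g. after a database theft) recovers the password."""
    return base64.b64decode(record).decode()


def store_salted_hash(password: str, iterations: int = 600_000) -> str:
    """The recommended pattern: random per-user salt plus a slow password hash (PBKDF2)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_salted_hash(password: str, record: str) -> bool:
    """Login check: recompute with the stored salt and compare in constant time."""
    _algo, iters, salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def leaked_record_yields_password(record: str) -> Optional[str]:
    """What a thief learns from one stolen record: the password itself, or nothing usable."""
    if record.startswith("pbkdf2_sha256$"):
        return None  # only a salted hash; the attacker must crack it offline
    return recover_from_reversible(record)


if __name__ == "__main__":
    weak = store_reversible(SAMPLE_PASSWORD)
    strong = store_salted_hash(SAMPLE_PASSWORD)
    print("reversible record leaks:", leaked_record_yields_password(weak))
    print("salted-hash record leaks:", leaked_record_yields_password(strong))
    print("login still works:", verify_salted_hash(SAMPLE_PASSWORD, strong))
```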
GoDaddy says its investigation is still ongoing and that it is contacting every affected customer directly with specific details. Customers can also reach the company through GoDaddy’s help centre, and users in affected countries can call the phone numbers listed on this site.