Hackers gained access to login and FTP credentials, along with 1.2 million email addresses.
A security breach in GoDaddy’s Managed WordPress environment gave hackers the keys to customers’ WordPress sites.
GoDaddy (NYSE: GDDY) discovered the issue last week and determined that the hackers started exploiting the vulnerability on September 6. Using a compromised password, the hackers accessed the provisioning system in the company’s legacy code base for Managed WordPress. They were able to access WordPress login credentials and FTP credentials. Per the company, here’s what was exposed:
• Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents risk of phishing attacks.
• The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, we reset those passwords.
• For active customers, sFTP and database usernames and passwords were exposed. We reset both passwords.
• For a subset of active customers, the SSL private key was exposed. We are in the process of issuing and installing new certificates for those customers.
I have two sites on GoDaddy’s Managed WordPress platform. (Domain Name Wire is on a different hosting provider.) On November 3, I received an email that stated:
“During a routine audit of our hosting environment, we found malware on your WordPress site(s). Although the detected malware was not related to GoDaddy’s hosting platform, your security is important to us, so our team proactively removed the detected malware for you.”
The email didn’t identify which site was impacted, but the package I use doesn’t include the removal of malware (that costs extra). So it’s possible that an unusually high number of sites needed malware removal, and GoDaddy did it proactively. I’m not sure that this is related to the breach, but the timing suggests it might be.