
GoDaddy Breach announced


David H. Lipman


Malwarebytes Blog:  Millions of GoDaddy customer data compromised in breach

 

https://www.sec.gov/Archives/edgar/data/1609711/000160971121000122/gddyblogpostnov222021.htm

Quote


 
 
November 22, 2021
GoDaddy Announces Security Incident Affecting Managed WordPress Service
On November 17, 2021, we discovered unauthorized third-party access to our Managed WordPress hosting environment. Here is the background on what happened and the steps we took, and are taking, in response:
We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement. Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress.
Upon identifying this incident, we immediately blocked the unauthorized third party from our system. Our investigation is ongoing, but we have determined that, beginning on September 6, 2021, the unauthorized third party used the vulnerability to gain access to the following customer information:
  • Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents risk of phishing attacks.
  • The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, we reset those passwords.
  • For active customers, sFTP and database usernames and passwords were exposed. We reset both passwords.
  • For a subset of active customers, the SSL private key was exposed. We are in the process of issuing and installing new certificates for those customers.
Our investigation is ongoing and we are contacting all impacted customers directly with specific details. Customers can also contact us via our help center (https://www.godaddy.com/help) which includes phone numbers based on country.
We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.
Demetrius Comes
Chief Information Security Officer
 
Forward-Looking Statements
This blog post contains forward-looking statements regarding GoDaddy Inc. (“we,” “GoDaddy,” or the “Company”) which are subject to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, including our efforts to investigate and remediate the security incident and our attempts to identify and notify affected customers and implement additional security measures. Our forward-looking statements are based on information known to us at the time of this blog post and are subject to a number of known and unknown risks, uncertainties and assumptions that may cause our actual future results, performance, or achievements to differ materially from any future results expressed or implied in this blog post. Factors that contribute to the uncertain nature of our forward-looking statements include, among others, our ongoing investigation of the incident; our vulnerability to additional security incidents; adverse legal, reputational and financial effects on the Company resulting from the incident or

 

 


Is it really unexpected? (Actually surprised it's not happened before - maybe it has just not been reported)

Big target, lots of attacks, only takes one to get through if they take their eye off the ball.


Right, it has happened before.  In 2019 and 2020.

https://www.bleepingcomputer.com/news/security/godaddy-notifies-users-of-breached-hosting-accounts/

From the May 3, 2020 article:

Quote

Last year, scammers used hundreds of compromised GoDaddy accounts to create 15,000 subdomains, some of them attempting to impersonate popular websites, to redirect potential victims to spam pages that were pushing snake oil products.

Earlier during 2019, GoDaddy was found to inject JavaScript into US customers' websites without their knowledge, potentially rendering them inoperable or impacting the sites' overall performance.

That script was used to monitor websites for internal bottlenecks, and to collect data on connection time and page load times — so-called Real User Metrics (RUM) — from U.S. customers using cPanel Shared Hosting or cPanel Business hosting.

 


Well, when I was choosing my first host they were quickly down on my list of choices, even though they were fairly well known even at that time.
I think that was one of my reasons, too marketed to 'don't really know's'.

But no illusions, the one I chose is geared to business and not home users, they are very good, but never say never.
