Wednesday, 24 November 2021 11:33

Security breach exposes over 1.2 million email accounts belonging to major web host


Users of the web hosting service GoDaddy had their accounts compromised for months before learning about the breach. The attackers were also able to compromise websites’ security certificates.

Hackers targeting GoDaddy were able to access some 1.2 million email addresses of customers of the domain registrar who used its WordPress web-hosting service, according to a US Securities and Exchange Commission (SEC) disclosure filed on Monday.

The hackers allegedly accessed a “provisioning system” within WordPress by “using a compromised password” associated with the content management system on September 6, interference that wasn’t noticed until two months later.

Upon discovering the breach on November 17, GoDaddy “immediately locked the attacker out,” the web hosting company claimed in the filing, explaining that it subsequently embarked on its own investigation and contacted law enforcement and an unspecified “IT forensics firm.”

“We are sincerely sorry for this incident and the concern it causes for our customers,” chief information security officer Demetrius Comes wrote. “We, GoDaddy leadership and employees, take our responsibility to protect customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.”

Hackers prowling through the data left accessible to anyone with that compromised password were able to view not just the original WordPress admin passwords, but customers’ private SSL keys, which secure the certificates best known through the miniature padlock icon used to reassure customers they are operating over a secure connection if they are shopping online, for example.

Comes pledged that the company had reset its main passcodes and was in the process of issuing and installing new SSL certificates, a thorny process given that web hosts are often warned against submitting personal information in response to inquiries from their hosting platforms, lest the inquiry turn out to be a phishing attack.

GoDaddy acknowledged the latter in another SEC filing, complaining of an “increased level” of “social engineering efforts” targeting the company, some of which were apparently successful.
