GoDaddy Breached ! It’s Serious


The US Securities and Equities Commission (SEC) haspublished a “Security Incident” submitted last week by Web services behemoth GoDaddy.

According to GoDaddy, the crooks – or the unauthorised third party, as the report refers to them:

  • Had been active since 06 September 2021, a ten-week window.
  • Acquired email addresses and customer numbers of 1,200,000 Managed WordPress (MWP) customers.
  • Got access to all active MWP usernames and passwords for sFTP (secure FTP) and WordPress databases.
  • Got access to SSL/TLS private keys belonging to some MWP users, subset of active users

GoDaddy stated that default WordPress admin passwords, created when each account was opened, were accessed, too, though we’re hoping that few, if any, active users of the system had left this password unchanged after setting up their WordPress presence.

If the passwords had been  salted hashed and stretched, as you might expect, that GoDaddy would have reported the…

View original post 338 more words

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.