One of the most popular platforms for hosting websites and domains, Godaddy, has announced a major security breach that has affected 1.2 million users. This is unauthorized access to the system to manage WordPress sites. However, the figure can be even higher if we consider that a customer can have several websites and all of them would have been affected.
Access through a compromised password
From GoDaddy they have reported that an intruder had access on September 6 through a compromised password. The point is that it was not until November 17 that they realized this problem and that was when they revoked that access. Therefore, for just over two months it has been able to compromise many websites hosted on this service.
But, how could this happen? The problem could be due to GoDaddy storing SFTP credentials in plain text or in a reversible format in plain text. This is in contrast to much more secure techniques that could make unwanted access by any intruder much more difficult.
They have indicated that for active users, usernames, SFTP passwords, and databases may have been exposed. The intruder was also able to access email addresses, customer numbers, SSL private keys or the original WordPress password.
It is certainly a serious problem, so any user who has a GoDaddy account to manage websites, must be aware that they may have been compromised and should take additional measures as soon as possible to reduce the damage and, in addition, that does not affect third parties.
GoDaddy works to mitigate the problem
GoDaddy has taken swift action to protect users and mitigate this issue as quickly as possible. One of the measures is reset passwords affected, something basic whenever a leak or a security problem of this type occurs. They are also generating new SSL certificates for users who may have been affected.
However, the investigation is still present and they still do not know how this attacker could have access to the compromised password and be able to access this data and compromise the security of more than a million GoDaddy accounts.
The company itself will contact the affected users in the coming days. Now, if you have a GoDaddy account, you should take measures as soon as possible to minimize the possibility of being affected and have privacy or security problems on your sites.
Something essential is change passwords access to WordPress. In addition, if possible it would be interesting to also force a password reset for the other users of that website. The attacker could have had access to those passwords.
If you use the same password for other services, whether or not they are related to GoDaddy and your website, you should still change them. Similarly, it would be important that you warn other users to do the same and thus avoid what is known as a domino effect and that it affects other services. This would happen if, for example, someone uses the same email and password to enter Facebook.
Also, as an additional tip, whenever you can you should activate the two-step authentication. It is essential to protect a WordPress site or any platform. This creates an extra layer of security to prevent an intruder, even knowing the password, from gaining access. There are many free WordPress security plugins that you can use.
Ultimately, GoDaddy has suffered a significant security breach. More than a million sites have been affected. Although the investigations are still present, they have already taken steps to mitigate the problem. Of course, anyone who has a site on this platform should be aware that it has been compromised. There are methods to know if your WordPress has been hacked.