r2d2 Posted December 1, 2021 Report Share Posted December 1, 2021 GoDaddy WordPress data breach timeline November 17, 2021: GoDaddy discovers unauthorized third-party access on Managed WordPress In a Securities and Exchange Commission (SEC) filing, Demetrius Comes, GoDaddy’s CISO, announced that the organization had discovered unauthorized access to its Managed WordPress servers. GoDaddy determined that the incident began on September 6, 2021, and exposed data on 1.2 million active and inactive Managed WordPress customers. “We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement,” Comes said. “Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress.” November 22, 2021: GoDaddy announces data breach Quote Link to comment Share on other sites More sharing options...
dasari4kntr Posted December 1, 2021 Report Share Posted December 1, 2021 Thanks I am using this service… godaddy + wordpress… Quote Link to comment Share on other sites More sharing options...
dasari4kntr Posted December 1, 2021 Report Share Posted December 1, 2021 20 minutes ago, r2d2 said: GoDaddy WordPress data breach timeline November 17, 2021: GoDaddy discovers unauthorized third-party access on Managed WordPress In a Securities and Exchange Commission (SEC) filing, Demetrius Comes, GoDaddy’s CISO, announced that the organization had discovered unauthorized access to its Managed WordPress servers. GoDaddy determined that the incident began on September 6, 2021, and exposed data on 1.2 million active and inactive Managed WordPress customers. “We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement,” Comes said. “Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress.” November 22, 2021: GoDaddy announces data breach Full link post cheyyava…. only site data compramised? Or customer details like cc also? Quote Link to comment Share on other sites More sharing options...
r2d2 Posted December 1, 2021 Author Report Share Posted December 1, 2021 https://techcrunch.com/2021/11/22/godaddy-breach-million-accounts/ 1 Quote Link to comment Share on other sites More sharing options...
dasari4kntr Posted December 1, 2021 Report Share Posted December 1, 2021 The filing said that the breach affects 1.2 million active and inactive managed WordPress users, who had their email addresses and customer numbers exposed. GoDaddy said this exposure could put users at greater risk of phishing attacks. The web host also said that the original WordPress admin password created when WordPress was first installed, which could be used to access a customer’s WordPress server, was also exposed. The company said that active customers had their sFTP credentials (for file transfers), and the usernames and passwords for their WordPress databases, which store all the user’s content, exposed in the breach. In some cases, the customer’s SSL (HTTPS) private key was exposed, which if abused could allow an attacker to impersonate a customer’s website or services. GoDaddy said it’s reset customer WordPress passwords and private keys, and is in the process of issuing new SSL certificates. ante ippudu kotta ssl certificate issue chestaada? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.