If you got an email this week from GoDaddy, Domains PricedRight or another GoDaddy reseller, tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, Host Europe or another GoDaddy company (Wordfence), you could be one of GoDaddy’s 1 million customers who were involved in a data breach.
I recently had a number of customers reach out to me regarding this email that was sent last night.
The email differed slightly depending on whether you had a Managed WordPress account.
If you previously had a managed GoDaddy account, it will say something like:
We are writing to inform you of a security incident impacting our GoDaddy Managed WordPress environment you once purchased and used. According to our records your Managed WordPress account is no longer active.
The web hosting business announced Monday that it had been hacked, and yes, customer data was taken.
The email goes on to say:
On November 17, we identified suspicious activity in our WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and have contacted law enforcement. Our investigation is ongoing, but we have determined that, on or about September 6, 2021, an unauthorized third party gained access to your customer number, email address associated with your previously used Managed WordPress account; and the password you first used when setting up your WordPress Admin login.
If you use that same password for other accounts, we recommend you change your password to those accounts and adopt data security best practices, such as choosing a strong unique password, regularly changing it, and enabling multi-factor authentication where available. We also recommend that you remain vigilant for potentially fraudulent communications sent to your email address purporting to be from GoDaddy or other third parties.
For residents living in California, Colorado, Delaware, Illinois, New York, New Jersey, Oregon, Vermont, Washington, and Wyoming, please visit https://www.godaddy.com/help/a-41004 for additional resources that describe additional steps you can take to help protect your information, including recommendations by the Federal Trade Commission regarding identity theft protection and details on how to place a fraud alert or a security freeze on your credit file.
Chief Information Security Officer
It was only recently that GoDaddy discovered it had been hacked, but it happened a month ago.
The firm claimed in a filing to the SEC that someone gained access to its Managed WordPress hosting environment back in September, but that it only recognized something was wrong last Wednesday.
“We are sincerely sorry for this incident and the concern it causes for our customers,”
“We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down.”
GoDaddy customer information that was compromised:
- Email addresses
- Customer numbers
- Original WordPress administrator level passwords
- Secure FTP (SFTP) usernames and passwords
- Database usernames and passwords
- SSL private keys
So if you received one of these emails, or are concerned, what should you do next?
Beware of phishing emails and calls
Phishing is a kind of social engineering attack used to get people’s login information and credit card numbers: the victim is fooled into opening an email, IM or text message that appears to come from a trusted sender. Now that a hacker may have some of your personal information, you may receive a call or, more likely, an email claiming to be from GoDaddy. Be very careful with any sales calls from GoDaddy, and feel free to put down the phone and call back to double-check that it was a real call.
Change your WordPress Admin Passwords
Having an unauthorised person with access to your WordPress site is a scary thought. It is suggested that you change your password every three months. If you want added security, add 2FA or login detection. This can put your mind at ease, as you will know who is logging in and when.
Do a WordPress security check and add an audit log
With this recent news, we would suggest doing a WP security audit to see if anything is amiss. Although this post can’t go through everything that needs to be checked, here are a few things to look out for:
- Admin roles kept to a minimum
- All admins have strong passwords
- Plugins Updated and still in lifecycle
- The theme has been updated and still in lifecycle
- Plugins and theme both are unchanged
- File permissions are set correctly
- Code is secure
- Database is clean
Securing a website is a big task and if you would like some help reach out to us.
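One way to check the "Plugins and theme both are unchanged" and "File permissions are set correctly" items above, as an added example that is not from the original post or from GoDaddy: it compares a snapshot of wp-content taken while the site was known to be clean against the live tree and flags world-writable files. The function names and the sample tree are assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to (sha256 hex digest, mode bits)."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # skip symlinks; only regular files are hashed
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            mode = stat.S_IMODE(os.stat(path).st_mode)
            result[os.path.relpath(path, root)] = (digest, mode)
    return result

def audit(baseline, current):
    """Compare a known-good snapshot with the live tree."""
    report = {"added": [], "modified": [], "removed": [], "world_writable": []}
    for rel, (digest, mode) in sorted(current.items()):
        if rel not in baseline:
            report["added"].append(rel)
        elif baseline[rel][0] != digest:
            report["modified"].append(rel)
        if mode & stat.S_IWOTH:
            report["world_writable"].append(rel)
    report["removed"] = sorted(set(baseline) - set(current))
    return report

def write(path, body, mode=0o644):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(body)
    os.chmod(path, mode)

def demo():
    """Constructed sample tree standing in for wp-content (not real site data)."""
    with tempfile.TemporaryDirectory() as root:
        theme = os.path.join(root, "themes", "example-theme")
        write(os.path.join(theme, "functions.php"), "<?php // theme code\n")
        write(os.path.join(theme, "style.css"), "body{}\n")
        baseline = snapshot(root)  # taken while the site is known to be clean
        write(os.path.join(theme, "functions.php"), "<?php // edited\n")  # later edit
        write(os.path.join(root, "uploads", "new.php"), "<?php // unexpected\n")
        os.chmod(os.path.join(theme, "style.css"), 0o666)  # loosened permissions
        return audit(baseline, snapshot(root))
```

On a real site, store the baseline snapshot somewhere the web server and FTP accounts cannot write to, otherwise whoever changes the files can change the baseline too.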
Change your sFTP and FTP logins
During this hack, your sFTP logins may have been accessed, so this is as important as changing your WordPress passwords. With FTP access, a user can reach every file of your site, add malicious code and even create a backdoor so they can log in directly.
Change the database username and password
Update both the phpMyAdmin username and password; this can be done via GoDaddy’s admin panel.
Check card details
GoDaddy has said: “Please note that, to date, our investigation has not revealed any evidence that the unauthorized third party had access to credit card information, or any other financial information”. However, it is best practice to look over any cards connected with GoDaddy, just to be on the safe side.
Move from Godaddy
First, to be fair, GoDaddy is not the only host that has suffered a security issue, and they won’t be the last. The fact that it took them so long to realise is concerning. If you are looking to move to another host, feel free to reach out to us and we can make some suggestions and help you in the moving process.
The GoDaddy Managed WordPress data breach is likely to have significant repercussions. The SEC filing says that “Up to 1.2 million active and inactive Managed WordPress customers” were affected. The data breach potentially affects people who use those sites, which means the number of affected individuals is much larger.
Anyone who uses GoDaddy’s Managed WordPress solution should assume their sites have been hacked until further notice, and should follow the measures outlined in this article.