25 November 2021

Multiple Managed WordPress services resellers also hit in recent GoDaddy data breach


Multiple Managed WordPress services resellers also hit in recent GoDaddy data breach

Domain registrar and web hosting giant GoDaddy that recently suffered a data breach affecting over 1 million of its WordPress customers has confirmed that the incident also impacted several of its brands, including 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost.

“The GoDaddy brands that resell GoDaddy Managed WordPress are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost. A small number of active and inactive Managed WordPress users at those brands were impacted by the security incident. No other brands are impacted. Those brands have already contacted their respective customers with specific detail and recommended action,” Dan Rice, VP of corporate communications at GoDaddy, told WordPress security firm Wordfence.

TsoHost, 123Reg, Domain Factory, Heart Internet, and Host Europe were acquired by GoDaddy in 2017, while Media Temple was bought by the company in 2013.

Earlier this week, GoDaddy revealed it detected unauthorized access to its managed WordPress hosting environment that resulted in the exposure of email addresses of as many as 1.2 million of active and inactive Managed WordPress customers. The compromised data also included WordPress Admin password set at the time of provisioning, sFTP and database usernames and passwords for active customers, and SSL private keys (for a small subset of active customers).

“What this means is the unauthorized party could have obtained the ability to access your Managed WordPress service and make changes to it, including to alter your website and the content stored on it. The exposure of your email address may also present a heightened risk of phishing attacks,” GoDaddy said in a data breach notification letter sent to customers.

The company said it reset compromised WordPress Admin login credentials, sFTP passwords and database passwords, but warned users that they won’t be able to edit content on their websites until they set a new password.


Back to the list

Latest Posts

The story of the four bears: Brief analysis of APT groups linked to the Russian government

The story of the four bears: Brief analysis of APT groups linked to the Russian government

In “The Four Bears” series we will tell you about the APT groups known as Fancy Bear, Cozy Bear, Voodoo Bear, and Berserk Bear.
17 January 2022
Cybersecurity year in review: Most notable APT hacks of 2021

Cybersecurity year in review: Most notable APT hacks of 2021

In 2021 nation-state actors somewhat faded into the background, but they still pose a significant threat.
17 January 2022
Hackers put up for sale data of 2M ONUS customers after the company refused to pay $5 million ransom

Hackers put up for sale data of 2M ONUS customers after the company refused to pay $5 million ransom

The attackers exploited the Log4Shell vulnerability on ONUS’ Cyclos server to plant backdoor and exfiltrate data.
30 December 2021