Web hosting giant GoDaddy began this week by confirming a massive data breach affecting 1.2 million customers. The company is ending the week saying the breach is bigger than originally thought. While it was first thought that only the Managed WordPress feature was compromised, it seems subsidiaries that resell the service are also affected.
Those subsidiary companies are Heart Internet, Domain Factory, Media Temple, 123Reg, Host Europe, and tsoHost. Essentially, this means more customers are potentially compromised, although GoDaddy has not given a figure:
“The GoDaddy brands that resell GoDaddy Managed WordPress are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost,” Dan Rice, vice president of corporate communications at GoDaddy, told Wordfence (via ThreatPost). “A small number of active and inactive Managed WordPress users at those brands were impacted by the security incident. No other brands are impacted. Those brands have already contacted their respective customers with specific detail and recommended action.”
In a public filing to the U.S. Securities and Exchange Commission (SEC), GoDaddy this week disclosed the data breach. The attack occurred through the site-building tool known as Managed WordPress, which helps customers create a site hosted by GoDaddy.
Long Term Attack
While the attack originally happened on Sept. 6, the threat actor was able to steal data for over two months, up until GoDaddy discovered the breach on Nov. 17.
“We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement,” Demetrius Comes, GoDaddy CISO, confirmed.
The company says the cybercriminals made off with an assortment of data, including:
- “Emails and customer numbers for 1.2 million active and inactive Managed WordPress customers
- sFTP and database usernames and passwords for active customers (passwords are now reset)
- SSL private keys “for a subset of active customers,” used to authenticate websites to internet users, enable encryption and prevent impersonation attacks. GoDaddy is in the process of issuing and installing new certificates for affected customers.”