Techrecipe

Information of 1.2 million people leaked from GoDaddy service

Managed WordPress, one of the services of GoDaddy, which provides domain registration and rental server services, has been attacked, exposing the information of up to 1.2 million users. In addition, it is reported that the damage is spreading to domain registrars and web hosting companies that offer Managed WordPress as part of their services.

According to a report GoDaddy filed with the US Securities and Exchange Commission (SEC), on November 17, 2021, unauthorized third-party access was confirmed in the Managed WordPress hosting environment. An immediate investigation determined that, from September 16, 2021, an unauthorized third party had been using a vulnerability to access customer information.

Up to 1.2 million active and inactive Managed WordPress users are affected. Their email addresses and customer numbers were leaked, which creates a risk of phishing attacks. The original WordPress admin password set at provisioning was also exposed. Because those credentials could be usable, GoDaddy reset the passwords. For active customers, SFTP or database usernames and passwords were leaked, and these were also reset. For some active users, SSL private keys were leaked, and new certificates were issued and installed for the affected customers.

GoDaddy said that it blocked the unauthorized third party from its systems immediately after confirming the incident, and that it is strengthening the provisioning system as an additional protective measure.

On November 23rd, it was revealed that several services (tsoHost, Media Temple, 123 Reg, DomainFactory, Heart Internet, Host Europe) that offered Managed WordPress within their products were affected by the information leak.

According to a security researcher, GoDaddy has experienced similar information leaks three times over the past three years. GoDaddy has more than 35,000 servers hosting more than 5 million websites and has been subject to multiple cyberattacks in the past, he said. Millions of people who rely on GoDaddy for business are severely impacted by these attacks. To ensure that customer data is safe, it is pointed out that GoDaddy needs to implement appropriate control systems to prevent the threat of cyberattacks. In addition, GoDaddy reset passwords and private keys in response to this attack, but it is pointed out that this is insufficient.