GoDaddy Data Breach 2021: What Has Been Compromised?2 Min Well Spent

GoDaddy, the world’s most-utilized domain registrar, has announced a data breach that affects up to 1.2 million active and inactive managed WordPress users. After a 2019 breach was discovered in Spring 2020, GoDaddy Data Breach 2021 is upon us.

The company discovered the cyberattack on November 17, 2021. It was disclosed to the Securities and Exchange Commission (SEC) on November 22.

The attacker gained initial access on September 6 using a compromised password. GoDaddy locked the intruder out of their system upon discovery over two months later.

GoDaddy Data Breach 2021: What has been compromised?

  • E-mail addresses for 1.2 million accounts
  • Original WordPress admin passwords of the compromised accounts
  • SSL keys for some clients

“GoDaddy stored sFTP passwords in such a way that the plaintext versions of the passwords could be retrieved, rather than storing salted hashes of these passwords or providing public key authentication,” Wordfence CEO Mark Maunder says, “…both (are) industry best practices.”

GoDaddy says they have reset passwords of all affected accounts and are regenerating security certificates where necessary. They also say they have already contacted all impacted customers.

Resellers of GoDaddy’s managed WordPress have been affected as well, including Host Europe, Heart Internet, Domain Factory, 123Reg, Media Temple and tsoHost.

GoDaddy recently had a data breach on October 2019, which they reported six months later in May 2020.

Among more obvious issues, the hack heightens the risk of phishing attempts. Companies using the GoDaddy managed WordPress platform should be wary of suspicious emails.

IT Support Guys clients are aware of the incident, even those who are not compromised. We have established a task force, taking appropriate measures to recover and reinforce any compromised accounts.

If you worry that your account is currently logged into a device that you do not manage, check active sessions here.

If you are locked out of your account or domain, you can begin the process to regain access here.

A screenshot of the active sessions on a GoDaddy account, to help monitor GoDaddy Data Breach 2021

ITSG urges all companies to use multi-factor authentication immediately, in addition to changing passwords for all domains they own. With MFA, a cyber attacker will also need something in the possession of you or another employee to gain access to your account.

With a managed WP Engine partner like IT Support Guys, companies can have all their security updates and plugins handled proactively. Managed WordPress means peace of mind.

Without ITSG’s Managed Microsoft 365 or Google Workspace plan, you may be missing the necessary monitoring of your domain registration and DNS records. With it, companies get secure domain registration, DNS records, MX records, and web hosting.

If you are interested in finding out more about IT Support Guys’ managed WordPress, Microsoft 365, or Google Workspace plans, get on a call with our Virtual CIO ASAP. Call us today at (855) 4IT-GUYS, or schedule an appointment with the vCIO today.

Connect with Next Perimeter on Social Media

READY TO TRANSFORM YOUR CYBERSECURITY?

Switching to Next Perimeter is Simple, with No Downtime or Disruptions

1. Free Exploratory Consultation Call

Let’s dive into your specific needs, security challenges, and current technology set-up. We’ll collaborate with you to start crafting tailored solutions that align with your business goals.

Element - Arrows Dark

2. Identity & Device Assessment

Our experts will begin developing a customized proposal for your unique environment. We’ll perform a thorough assessment to finalize the scope, ensuring every aspect of your digital security is covered.

Element - Arrows Light

3. Schedule Your Seamless Onboarding

With your approval, we’ll launch your onboarding process. Our all-in-one security solution will seamlessly integrate into your existing infrastructure, implemented by our expert team for a smooth transition.

Search