1.2 Million Customers Hacked by the recent GoDaddy data breach

November 25, 2021

WordPress is among the most renowned content management systems (CMS) globally, with an estimated user base of more than 64 million clients and 400 million daily visitors. Recent reports reveal that GoDaddy, the top web hosting provider among the CMS's clients, has exposed the information of about 1.2 million WordPress clients in a data breach.

As described by GoDaddy's chief information security officer (CISO) in an SEC filing, the company's team found unauthorised access to its WordPress servers that exposed the data of more than 1.2 million active and inactive managed WordPress customers as of September 6 this year.

GoDaddy's managed WordPress service provides hosting optimised for establishing and managing clients' WordPress websites. The service also handles basic administrative duties, including installing WordPress, automated daily backups, core updates, and server-level caching, for about $6.99 per month as its base plan offer.

 

GoDaddy customers have been hit by a data breach that compromised their information, email addresses, and contact details. 

 

The data breach has alarmed GoDaddy's team, which has warned all affected customers about the potential risks the issue can pose, including the threat of phishing attacks. Aside from email addresses and contact numbers, the company added that the first WordPress password set when clients initially created their accounts might also be compromised, putting at risk those who never changed that first password.

The Secure File Transfer Protocol (sFTP) and database management system (DBMS) credentials of active clients were also compromised, forcing GoDaddy to reset them. Some active clients also had their Secure Sockets Layer (SSL) private key exposed; for those affected, the company reissued and installed new certificates.

WordPress security company Wordfence has issued a report stating that GoDaddy stored clients' sFTP credentials either as plaintext or in a format that could be converted to plaintext, instead of using a salted hash or a public key, both of which are industry best practice for sFTP. This enabled threat actors to access clients' passwords directly, without needing to crack them.
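The difference between a reversible format and a salted hash, as described in the Wordfence finding above, is shown in this added example (not code from GoDaddy, Wordfence or the original article). The base64 encoding stands in for any reversible format, and the scrypt parameters, record layout and sample password are assumptions made for the illustration; the public-key option is not covered.

```python
import base64
import hashlib
import hmac
import os

# Constructed sample credential, not a value from the breach.
SAMPLE_PASSWORD = "constructed-sftp-pass-01"

# scrypt cost parameters (assumed values for this example; tune per hardware).
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2**14, 8, 1, 32


def store_reversible(password: str) -> str:
    """Weak: an encoding, not a hash. The stored record is the password."""
    return base64.b64encode(password.encode()).decode()


def recover_reversible(record: str) -> str:
    """Anyone who can read the record gets the password back; no cracking."""
    return base64.b64decode(record).decode()


def _scrypt(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode(), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)


def store_salted_hash(password: str) -> str:
    """Hardened: random per-record salt plus a slow, one-way function."""
    salt = os.urandom(16)
    return f"scrypt${salt.hex()}${_scrypt(password, salt).hex()}"


def verify_salted_hash(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    scheme, salt_hex, digest_hex = record.split("$")
    if scheme != "scrypt":
        return False
    candidate = _scrypt(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    weak = store_reversible(SAMPLE_PASSWORD)
    print("reversible record :", weak, "->", recover_reversible(weak))
    strong = store_salted_hash(SAMPLE_PASSWORD)
    print("salted hash record:", strong)
    print("login check       :", verify_salted_hash(SAMPLE_PASSWORD, strong))
```

With the salted hash, the server can still check a login, but a copy of the stored record does not contain the password and two users with the same password get different records.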

Nonetheless, GoDaddy stressed that it is investigating the case. Its security team has been reaching out to the affected clients to warn them and offer help. No other updates or further details had been released by the company as of writing.
