GoDaddy Wordpress Hosting Breached - Plaintext Passwords - 1.2M Customers Affected

JasonM Member
edited November 2021 in General

This morning (22nd), GoDaddy disclosed that an unknown attacker had gained unauthorized access to the system used to provision the company’s Managed WordPress sites, impacting up to 1.2 million of their WordPress customers.

By WordFence: https://www.wordfence.com/blog/2021/11/godaddy-breach-plaintext-passwords/

Anyone having their GoDaddy MWP (Managed WordPress Hosting) - better change your passwords.

Thanked by 1hnzlet

Comments

  • DP Administrator, The Domain Guy

    @JasonM said: any one having their MWP (Managed WordPress Hosting) with Godaddy, better change your passwords.

    Or changing providers could also be an option to consider :smiley:

    Thanked by 3JasonM dahartigan tux
  • JasonM Member
    edited November 2021

    @DP said: Or changing providers could also be an option to consider

    indeed, they're selling a WordPress security product called Sucuri which is a WordPress security. They protect your website from hackers. LOL.

  • 1.2 million accounts breached = 1.2 million posts on LES :-)

  • jar Patron Provider, Top Host, Veteran

    @JasonM said:

    @DP said: Or changing providers could also be an option to consider

    indeed, they're selling a WordPress security product called Sucuri which is a WordPress security. They protect your website from hackers. LOL.

    Sucuri is still pretty solid. Good team there still.

    Thanked by 2JasonM dystopia
  • Can we have a megathread of all companies that follow bad practices for security? I know Ezoic stores passwords as plaintext/in a way that can be decrypted for their managed WP platform, similar to this GoDaddy incident. Comment about companies from where you can retrieve the same password, EPP keys always shown in plain and they never change that, any other security issues.

    Security Hall of Shame
    1. Godaddy
    2. Ezoic

    Thanked by 1JasonM
  • sue them for storing unsalted unhashed plaintext passwords

  • @Boogeyman said:
    Can we have a megathread of all companies that follow bad practices for security? I know Ezoic stores passwords as plaintext/in a way that can be decrypted for their managed WP platform, similar to this GoDaddy incident. Comment about companies from where you can retrieve the same password, EPP keys always shown in plain and they never change that, any other security issues.

    Security Hall of Shame
    1. Godaddy
    2. Ezoic

    +1 for this. It will be useful to avoid this kind of problem in the future, I mean from customer perspective

  • @Boogeyman said: Can we have a megathread of all companies that follow bad practices for security?

    indeed! the list could grow soon! The more the privacy matters, the more are the leaks/bugs in security!

  • @Boogeyman said: Security Hall of Shame

    1. Godaddy
    2. Ezoic

    Yes in https://www.lowendtalk.com/wiki/security-hall-of-shame (if @raindog308 @jbiloh make it happen, ofc).

    @JasonM said: Anyone having their GoDaddy MWP (Managed WordPress Hosting) - better change your passwords.

    This is the kind of news you sort of expect from GoDaddy. There are other managed hosts that do the same thing and allow you to click to get the password in the clear.

  • Boogeyman Member
    edited November 2021

    @JasonM said: The more the privacy matters, the more are the leaks/bugs in security!

    Well I know what you mean ;)

    @Kassem said: There are other managed hosts that do the same thing and allow you to click to get the password in the clear.

    Passwords shouldn't be stored in plain at all to get them retrieved by customers. The same customer that wanted to get their password back in this way will blame you if something goes wrong. They want lockdown, but if they are to be questioned at the gate they don't like that.

  • Arkas Moderator

    Suck Uri, huh!?

  • jsg Member, Resident Benchmarker

    As there were questions ...

    WordFence reports:
    GoDaddy Breach Widens to tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe

    https://www.wordfence.com/blog/2021/11/godaddy-tsohost-mediatemple-123reg-domain-factory-heart-internet-host-europe/

    Thanked by 1JasonM
  • ohh! thanks for posting.. those all are sub-brands of godaddy!
    indeed they had this breach as their parent.
