Connect with us

WORDPRESS

Data Breach Spreads To Six Web Hosts

Published

on

Data Breach Spreads To Six Web Hosts

The GoDaddy data breach that affected up to 1.2 million web hosts has expanded to six more web hosts serving customers worldwide. The six additional compromised web hosts are resellers of GoDaddy’s hosting services. The extent of the intrusion appears to be the same as with GoDaddy, with matching dates of when the security intrusion began.

The six compromised web hosting providers are:

  • 123Reg
  • Domain Factory
  • Heart Internet
  • Host Europe
  • Media Temple
  • tsoHost

Precise Dates of Intrusion

The state of California published notification of a security breach submitted by GoDaddy on November 23, 2021.

In the California notification GoDaddy provided specific dates for the security intrusions.

The dates of intrusion are:

  • 09/06/2021
  • 09/07/2021
  • 09/08/2021
  • 09/09/2021
  • 09/10/2021
  • 09/11/2021
  • 11/07/2021

Those dates are important because customers of at least two of the hosting providers were sent notices that referenced the same date of intrusion, September 6, 2021 according to information published by Wordfence. That implies that the root cause of additional data breaches are connected, if at least by date if not more.

The notifications sent to GoDaddy customers and to at least two of the additional web hosts are also similar.

This is the text of part of the email sent to GoDaddy customers:

“We are writing to inform you of a security incident impacting your GoDaddy Managed WordPress hosting service.

On November 17, we identified suspicious activity in our WordPress hosting environment and immediately began an investigation with the help of a third-party IT forensics firm and have contacted law enforcement.

Our investigation is ongoing, but we have determined that, on or about September 6, 2021, an unauthorized third party gained access to certain authentication information for administrative services, specifically, your customer number and email address associated with your account; your WordPress Admin login set at inception; and your sFTP and
database usernames and passwords.

Advertisement

What this means is the unauthorized party could have obtained the ability to access your Managed WordPress service and make changes to it, including to alter your website and the content stored on it.”

The notice sent to GoDaddy customers is similar to the email notice sent to MediaTemple customers.

This is a part of the email sent to MediaTemple customers:

“…we have determined that, on or about September 6, 2021, an unauthorized third party gained access to certain authentication information for administrative services, specifically, the customer number and email address associated with your account; your WordPress Admin login set at inception; and your sFTP and database usernames and passwords.”

The administrators of the respective web hosts have reset passwords and recommend that customers reset their passwords. Those whose SSL certificate data was exposed may have to have their certificates reinstalled.

Customers Face Possibly Compromised Websites?

Customers of the additional six web hosting providers that were subject to a data breach may face the possibility of further security issues given that their sensitive data was exposed for two months undetected, giving hackers time to install backdoors, add rogue administrative accounts and upload malicious scripts.

Citations

Read The Wordfence Security Advisory

GoDaddy Breach Widens to tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe

California Data Security Breach Notification

Sample Of Email Sent By GoDaddy (PDF)

Advertisement

Searchenginejournal.com

See also  WordPress Out of Touch with Publisher Needs? via @martinibuster

WORDPRESS

Customize Your Entire Site With New Block Themes – WordPress.com News

Published

on

Customize Your Entire Site With New Block Themes – WordPress.com News

Customize Your Entire Site With New Block Themes

Experiment with a new look for your site with themes created to take advantage of Full Site Editing.

In case you missed it, we’ve been rolling out a new set of powerful site design tools called Full Site Editing (or “FSE”) and it’s now available for all WordPress.com users!

Don’t worry if you’re just hearing about Full Site Editing for the first time. We’ve been releasing these new tools in a way that doesn’t actually require you to do anything with your existing site(s). If you are up for a change though, we’re happy to announce the launch of a brand new family of themes made specifically with Full Site Editing features in mind. As of this writing we have over two dozen themes available that support Full Site Editing.

These new themes have been designed with a wide variety of sites cases in mind. But their potential stretches well beyond their screenshots and demo sites. Because each theme is fully editable in the Site Editor, every one of these themes can be heavily customized to fit your site’s needs. You can start with theme that features single minimalist homepage, and then add as many menus and sidebars as you wish. Or, you can start with a complex business theme and strip it down to something minimal to suit your vision.

The Site Editor also includes a new feature called “Global Styles,” which allows you to edit site-wide settings for color, typography, and more. You’re free to change your theme’s default color scheme to whatever fits your mood, or even make all site text larger or smaller in a couple of clicks. To kick off this new feature, we’re also providing a few pre-built variations on some of these new themes.

See also  Jetpack Acquires WordPress Social Image Generator

All the new themes and variations can be found in the Theme Showcase. Or, if you’re starting a fresh site, they’ll be offered to you automatically in the site creation flow. This collection of themes is just the beginning, and we’re excited to continue launching a variety of diverse theme options for you. What would you like to see in the next set of themes on WordPress.com?

Source link

Advertisement
Continue Reading

DON'T MISS ANY IMPORTANT NEWS!
Subscribe To our Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

Trending