Why GoDaddy Data Breach Of +1 Million Clients Is Worse Than Described


Over one million GoDaddy hosting customers suffered a data breach in September 2021 that went unnoticed for two months. GoDaddy described the security event as a vulnerability. Security researchers indicate that the vulnerability was in fact inadequate security practice that did not meet industry best practices.

GoDaddy’s statement announced that it had reset the passwords of the affected customers of its WordPress Managed Hosting.

However, simply changing passwords does not completely fix the problems hackers may have left behind, which means that up to 1.2 million GoDaddy hosting customers may remain affected by security issues.

GoDaddy Informs SEC Of Breach

On November 22, 2021 GoDaddy informed the United States Securities and Exchange Commission (SEC) that it had discovered “unauthorized third-party access” to its “Managed WordPress hosting environment.”

GoDaddy’s investigation revealed that the intrusion began on September 6, 2021 and was only discovered on November 17, more than two months later.

Who is Affected And How

GoDaddy’s statement says that up to 1.2 million customers of their WordPress managed hosting environment may be affected by the security breach.

According to the statement to the SEC, the data breach was due to a compromised password for their provisioning system.

A provisioning system is the system that sets up new customers with their hosting services by assigning them server space, usernames and passwords.


GoDaddy explained what happened:

“Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress.”

GoDaddy customer data that was exposed:

  • Email addresses
  • Customer numbers
  • Original WordPress administrator level passwords
  • Secure FTP (SFTP) usernames and passwords
  • Database usernames and passwords
  • SSL private keys

What Caused GoDaddy Security Breach

GoDaddy described the cause of the intrusion as a vulnerability. A vulnerability is generally thought of as a weakness or flaw in software code, but it can also arise from a lapse in good security measures.

Security researchers from Wordfence made the startling discovery that GoDaddy’s Managed WordPress hosting stored SFTP usernames and passwords in a manner that did not conform to industry best practices.

SFTP stands for Secure File Transfer Protocol. It is a file transfer protocol that allows someone to upload and download files from a hosting server using a secure connection.

According to the Wordfence security experts, the usernames and passwords were stored as unencrypted plain text, which allowed a hacker who reached the provisioning system to freely harvest them.

Wordfence explained the security lapse they discovered:

“GoDaddy stored sFTP passwords in such a way that the plaintext versions of the passwords could be retrieved, rather than storing salted hashes of these passwords, or providing public key authentication, which are both industry best practices.

…Storing plaintext passwords, or passwords in a reversible format for what is essentially an SSH connection is not a best practice.”
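The distinction Wordfence draws, shown as an added example that is not code from GoDaddy, Wordfence or this article: a credential store that keeps the plaintext (or anything reversible to it) hands every password to whoever reads the store, whereas a per-user salted, slow one-way hash lets the server verify a login without being able to give the password back. The store layout, the usernames and the passwords below are constructed sample values; PBKDF2-HMAC-SHA256 from the standard library is used as the hash because it is universally available, and the iteration count is an assumption to be tuned on the real server.

```python
"""Added example, not GoDaddy's or Wordfence's code: retrievable credential
storage (the pattern the breach exposed) beside salted one-way hashing.
All usernames, passwords and store contents are constructed sample values."""
import hashlib
import hmac
import os

# Assumption: tune so one hash costs roughly a few hundred milliseconds on the server.
KDF_ITERATIONS = 600_000


# --- Weak pattern: the plaintext is stored and therefore retrievable. -------------
def store_retrievable(store: dict, username: str, password: str) -> None:
    """Whoever reads the store (as the intruder did) gets every password verbatim."""
    store[username] = password


# --- Hardened pattern: random per-user salt + slow one-way KDF. -------------------
def hash_password(password: str, iterations: int = KDF_ITERATIONS) -> str:
    """Return a self-describing record 'pbkdf2_sha256$iters$salt_hex$hash_hex'.
    A fresh random salt means two users with the same password get different
    records, so a leaked store cannot be attacked with one precomputed table."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the hash with the stored salt and compare in constant time.
    Malformed records are rejected rather than raising."""
    try:
        algo, iters, salt_hex, hash_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
        )
        return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))
    except ValueError:
        return False


def store_hashed(store: dict, username: str, password: str) -> None:
    """Persist only the salted hash; the plaintext is never written anywhere."""
    store[username] = hash_password(password)


def dump_exposes_plaintext(store: dict, password: str) -> bool:
    """Simulate the breach: an attacker reads the whole store.
    Does the plaintext password appear anywhere in what they obtained?"""
    return any(password in value for value in store.values())


if __name__ == "__main__":
    weak, hardened = {}, {}
    user, secret = "sftp_user_42", "Tr0ub4dor&3"          # constructed sample credential
    store_retrievable(weak, user, secret)
    store_hashed(hardened, user, secret)
    print("plaintext store leaks the password:", dump_exposes_plaintext(weak, secret))
    print("hashed store leaks the password:   ", dump_exposes_plaintext(hardened, secret))
    print("login, correct password:", verify_password(secret, hardened[user]))
    print("login, wrong password:  ", verify_password("Tr0ub4dor&4", hardened[user]))
```

Hashing only addresses passwords at rest; the second half of the Wordfence recommendation, public key authentication for SFTP, removes the server-side password entirely, so there is nothing in the provisioning store to harvest in the first place.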

GoDaddy Security Issues May Still Be Ongoing

GoDaddy’s statement to the SEC noted that the exposure of customer emails could lead to phishing attacks. It also communicated that all passwords were reset for affected customers, which seems to close the door on the security breach, but that’s not entirely the case.


More than two months had elapsed by the time GoDaddy discovered the security lapse and the intrusion, which means that websites hosted on GoDaddy could still be in a compromised state if malicious files have not been removed.

It’s not enough to change the passwords of affected websites; a thorough security scan should also have been performed to make sure that affected websites are free of backdoors, Trojans and malicious files.

GoDaddy’s official statement has not said anything about mitigating the effects of already compromised websites.

The security researchers at Wordfence acknowledged this shortcoming:

“…the attacker had nearly a month and a half of access during which they could have taken over these sites by uploading malware or adding a malicious administrative user. Doing so would allow the attacker to maintain persistence and retain control of the sites even after the passwords were changed.”

Wordfence also states that the damage is not limited to the businesses hosted on WordPress managed hosting. The security researchers observed that hacker access to website databases could lead to access to website customer information, revealing sensitive customer information stored at ecommerce websites.

Effects of GoDaddy Data Breach May Continue

GoDaddy only announced that it had reset passwords. However, nothing was said about identifying and fixing compromised databases, removing rogue administrator accounts or finding malicious scripts that had been uploaded, not to mention possible breaches of sensitive customer information from ecommerce sites hosted on GoDaddy.
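The checks that a password reset alone leaves undone, as an added example that is not GoDaddy’s, Wordfence’s or the article’s code. It walks a constructed WordPress inventory looking for the two persistence mechanisms Wordfence names: an administrative user added during the intrusion window and malware uploaded to the site. The window dates (September 6 to November 17, 2021) come from the article; the user list, file paths, timestamps and file contents are constructed sample data, and the webshell pattern list is a small hypothetical starting point rather than a complete rule set.

```python
"""Added example, not GoDaddy's or Wordfence's code: a post-breach audit for
rogue administrators and uploaded malware on a WordPress site. The intrusion
window comes from the article; every user, path and file below is constructed."""
import re
from datetime import datetime

INTRUSION_START = datetime(2021, 9, 6)   # from the article
DISCOVERY = datetime(2021, 11, 17)       # from the article

# Constructed export of wp_users joined with each user's wp_capabilities role.
SAMPLE_USERS = [
    {"login": "owner",        "role": "administrator", "registered": datetime(2019, 3, 2)},
    {"login": "editor_jane",  "role": "editor",        "registered": datetime(2020, 7, 14)},
    {"login": "wp_support",   "role": "administrator", "registered": datetime(2021, 9, 30)},
    {"login": "shop_manager", "role": "shop_manager",  "registered": datetime(2021, 10, 2)},
]

# Constructed file inventory: (path, last-modified time, first bytes of content).
SAMPLE_FILES = [
    ("wp-includes/class-wp-query.php",                   datetime(2021, 5, 4),  "<?php class WP_Query {"),
    ("wp-content/uploads/2021/10/image.jpg",             datetime(2021, 10, 3), "\xff\xd8\xff"),
    ("wp-content/uploads/2021/10/cache.php",             datetime(2021, 10, 3), "<?php eval(base64_decode($_POST['x']));"),
    ("wp-content/themes/twentytwentyone/functions.php",  datetime(2021, 9, 20), "<?php function twenty_twenty_one_setup() {"),
    ("wp-content/plugins/hello.php",                     datetime(2020, 1, 1),  "<?php /* Hello Dolly */"),
]

# Hypothetical indicator: eval() fed by a decoder is a classic PHP backdoor idiom.
WEBSHELL_IDIOM = re.compile(r"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)


def rogue_admins(users, start=INTRUSION_START, end=DISCOVERY):
    """Administrator accounts registered inside the intrusion window.
    A reset of the known owner's password does nothing about these."""
    return [
        u["login"] for u in users
        if u["role"] == "administrator" and start <= u["registered"] <= end
    ]


def suspect_files(files, start=INTRUSION_START, end=DISCOVERY):
    """Files worth a manual look, each with the reasons it was flagged:
    PHP written during the window, PHP under the uploads tree (where PHP
    should never execute), or content matching the webshell idiom."""
    hits = []
    for path, mtime, head in files:
        reasons = []
        is_php = path.endswith(".php")
        if is_php and start <= mtime <= end:
            reasons.append("php modified in intrusion window")
        if is_php and "/uploads/" in path:
            reasons.append("php under uploads")
        if WEBSHELL_IDIOM.search(head):
            reasons.append("webshell idiom")
        if reasons:
            hits.append((path, reasons))
    return hits


def audit(users, files):
    """Combine both checks into one triage report."""
    return {"rogue_admins": rogue_admins(users), "suspect_files": suspect_files(files)}


if __name__ == "__main__":
    report = audit(SAMPLE_USERS, SAMPLE_FILES)
    print("admin accounts created during the intrusion:", report["rogue_admins"])
    for path, reasons in report["suspect_files"]:
        print(f"{path}: {', '.join(reasons)}")
```

A PHP file modified inside the window is a triage hit, not proof of compromise: a theme or plugin update in that period looks identical on timestamp alone, so each hit should be diffed against a clean copy of the same version. The article’s list of exposed data also implies work beyond the site files: database and SFTP credentials and the original WordPress admin passwords need rotating, and any SSL certificate whose private key was exposed needs re-keying and reissuing rather than merely a password change.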

Citations

GoDaddy’s announcement: GoDaddy Announces Security Incident Affecting Managed WordPress Service

Wordfence’s security report: GoDaddy Breached – Plaintext Passwords – 1.2M Affected


Searchenginejournal.com


Customize Your Entire Site With New Block Themes – WordPress.com News


Experiment with a new look for your site with themes created to take advantage of Full Site Editing.

In case you missed it, we’ve been rolling out a new set of powerful site design tools called Full Site Editing (or “FSE”) and it’s now available for all WordPress.com users!

Don’t worry if you’re just hearing about Full Site Editing for the first time. We’ve been releasing these new tools in a way that doesn’t actually require you to do anything with your existing site(s). If you are up for a change though, we’re happy to announce the launch of a brand new family of themes made specifically with Full Site Editing features in mind. As of this writing we have over two dozen themes available that support Full Site Editing.

These new themes have been designed with a wide variety of site use cases in mind. But their potential stretches well beyond their screenshots and demo sites. Because each theme is fully editable in the Site Editor, every one of these themes can be heavily customized to fit your site’s needs. You can start with a theme that features a single minimalist homepage, and then add as many menus and sidebars as you wish. Or, you can start with a complex business theme and strip it down to something minimal to suit your vision.

The Site Editor also includes a new feature called “Global Styles,” which allows you to edit site-wide settings for color, typography, and more. You’re free to change your theme’s default color scheme to whatever fits your mood, or even make all site text larger or smaller in a couple of clicks. To kick off this new feature, we’re also providing a few pre-built variations on some of these new themes.

All the new themes and variations can be found in the Theme Showcase. Or, if you’re starting a fresh site, they’ll be offered to you automatically in the site creation flow. This collection of themes is just the beginning, and we’re excited to continue launching a variety of diverse theme options for you. What would you like to see in the next set of themes on WordPress.com?
