Godaddy Managed WordPress Hacked

Godaddy Managed WordPress Hacked

Godaddy issued an official letter informing clients of a security incident impacting GoDaddy’s Managed WordPress hosting service.

If you are not using the services, but have a GoDaddy account, you may not be impacted. However, the hosting provider did not mention anything about accounts that are not using the Managed WordPress services.

The hacking took place in September and was only detected by GoDaddy in November. That gave a long time to the hackers to collect private data that they may use in the future. Millions of accounts were hacked!

GoDaddy did not say whether account information, such as credit card numbers, were stolen.

“We recently identified suspicious activity in our WordPress hosting environment and immediately began an investigation with the help of a third-party IT forensics firm and have contacted law enforcement.

“Our investigation is ongoing, but we have determined that, on or about September 6, 2021, an unauthorized third party gained access to certain authentication information for administrative services, specifically, the customer number and email address associated with your account; your WordPress Admin login set at inception; and your sFTP and database usernames and passwords,” says the provider.

What this means is the unauthorized party could have obtained the ability to access Managed WordPress service and make changes to it, including altering websites and the content stored on it. The hackers could have installed malware and other nasty kinds of stuff on these accounts.

The exposure of email addresses may also present a heightened risk of phishing attacks.

GoDaddy says it is taking several steps to protect the clients and their data. “First, we have blocked the unauthorized third party from our systems.

“Second, we have reset WordPress Admin login credentials, sFTP password and database password. The websites affected are still up and running, but clients won’t be able to edit content until they reset your passwords.”

The provider, in emails to clients, is giving links and instructions on how to reset the passwords.