1.2 Million WordPress Accounts Hacked

 


 11/23/2021 12:00:00 AM | Views: 4,830 | 2 Minutes, 17 Second |  Written By John Marx | Tags: Security

Let's start by saying no web host is perfect. GoDaddy was missing the security basics of encrypting passwords and user information. This is something that should never happen. That is what happened with the last security breach at GoDaddy 18 months ago (May 5, 2020).

 

What Happened In The GoDaddy Breach?

Here is what happened in the GoDaddy data breach announced on November 22, 2021:

 

  • Managed WordPress website ADMIN passwords have been compromised.
  • Managed WordPress website DATABASE usernames and passwords were compromised.
  • The passwords were not encrypted so no decryption was required.
  • Because access to both the WordPress site and the WordPress MySQL database was compromised, all of the customer information (name, email, phone, etc.) stored there has been compromised.
  • Some SSL Private Keys were compromised. GoDaddy is automatically fixing these according to the statement.

 

Other Key Items About The GoDaddy Breach To Be Aware Of

There are other items that were not noted but could be a problem. There is no mention of these items yet, but any good security check would include evaluating them.

 

  • Form information could have been compromised.
  • Credit card information if stored in the database could have been compromised.
  • ManagedWP is owned by GoDaddy and used on their Managed WordPress Plans. It is possible that these could be compromised as well.

 

How To Fix The GoDaddy Breach Of November 2021

 

  • Try logging in. If you can, you are in good shape, as many owners of compromised sites are unable to log in. If you can't log in, you may be able to reset the admin password. If you are unable to do that, your remaining choice is to restore from a backup from TWO MONTHS ago. Many don't keep a backup that long. You need to restore from BEFORE September 6, 2021 (e.g., September 5, 2021, or before).
  • Change your sFTP user passwords for every sFTP account you have.
  • Change all of your administrator passwords.
  • It's recommended to change your other user passwords as well.
  • Change your database password.
  • Run a virus and malware scanner on your entire site.
  • If you are running an eCommerce site, you may have to inform every one of your customers that you have or may have been compromised.
  • If you can, implement two-factor authentication on your websites.
  • Continue to monitor your site logs for any activity that appears suspicious and out of the ordinary.
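
One way to do the log review from the last step, as an added example that is not part of the original article: it flags successful WordPress logins and admin-area POSTs made since September 6, 2021 from IP addresses you do not recognize. The combined access-log format, the known-IP set, and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Start of the exposure window, from the restore cutoff date in the article.
WINDOW_START = datetime(2021, 9, 6, tzinfo=timezone.utc)

# Apache/nginx "combined" log format (assumed); only the needed fields are captured.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(line):
    """Return (ip, time, method, path, status), or None for an unparseable line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?")[0], int(m["status"])

def suspicious_admin_activity(lines, known_ips):
    """List (ip, time, reason) for admin events in the window from unknown IPs."""
    findings = []
    for ip, ts, method, path, status in filter(None, map(parse, lines)):
        if ts < WINDOW_START or ip in known_ips or method != "POST":
            continue
        if path == "/wp-login.php" and status == 302:
            # WordPress redirects (302) after a good login; a failure re-renders with 200.
            findings.append((ip, ts, "successful login"))
        elif (path.startswith("/wp-admin/") and status < 400
              and not path.endswith("/admin-ajax.php")):
            # admin-ajax.php is also hit by ordinary visitors, so it is excluded.
            findings.append((ip, ts, "admin change request"))
    return findings

# Constructed sample lines using documentation IP ranges; not real log data.
SAMPLE = [
    '198.51.100.7 - - [01/Sep/2021:10:00:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "x"',
    '203.0.113.10 - - [10/Sep/2021:08:15:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "x"',
    '198.51.100.7 - - [12/Sep/2021:03:12:44 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "x"',
    '198.51.100.7 - - [12/Sep/2021:03:12:51 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "x"',
    '198.51.100.7 - - [12/Sep/2021:03:14:09 +0000] "POST /wp-admin/user-new.php HTTP/1.1" 302 0 "-" "x"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for ip, ts, reason in suspicious_admin_activity(SAMPLE, {"203.0.113.10"}):
        print(ts.isoformat(), ip, reason)
```

Any hit is a prompt to check which account logged in and what changed, not proof of compromise on its own.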

Conclusion

Going forward, be on the lookout for phishing emails, as these scammers now know the email addresses, that they are associated with GoDaddy accounts, and more. To further strengthen your password security, never reuse any password that was exposed.