1.2 Million WordPress Accounts Hacked

 11/23/2021 12:00:00 AM
Views: 4,183
2 Minutes, 17 Second
 Written By John Marx
Tags:Security

1.2 Million WordPress Accounts Hacked

Let's start by saying no web host is perfect. GoDaddy was missing the security basics of encrypting passwords and user information. This is something that should ever happen. That is what happened with the last security breach at GoDaddy 18 months ago (May 5, 2020).

 

What Happened In The GoDaddy Breach?

What happened in the GoDaddy Data Breach announced on November 22, 2021.

 

  • Managed WordPress website ADMIN passwords have been compromised.
  • Managed WordPress website DATABASE username and password was compromised.
  • The passwords were not encrypted so no decryption was required.
  • Being that access to the WordPress site and the WordPress MySQL database was compromised all of the customer information (name, email, phone, etc.) stored has been compromised.
  • Some SSL Private Keys were compromised. GoDaddy is automatically fixing these according to the statement.

 

Other Key Items About The GoDaddy Breach To Be Aware Of

Other items not noted but could be a problem. There is no mention of these itms yet any good security check would include these items being evaluated.

 

  • Form information could have been compromised.
  • Credit card information if stored in the database could have been compromised.
  • ManagedWP is owned by GoDaddy and used on their Managed WordPress Plans. It is possible that these could be compromised as well.

 

How To Fix The GoDaddy Breach Of November 2021

 

  • Try logging in. If you do, you're doing good as many compromised, you are unable to login. If you can't login, you may be able to reset the admin password. If you are unable to achieve that, your choice will be restored from TWO MONTHS ago. Many don't keep a backup that long. You need to restore BEFORE September 6, 2021 (e.g., September 5, 2021, or before).
  • Change your sFTP user passwords for every sFTP account you have.
  • Change all of your administrator passwords.
  • It's recommended to change your other user passwords as well.
  • Change your database password.
  • Run a virus and malware scanner on your entire site.
  • If you are running an eCommerce site, you may have to inform everyone of your customers you have or may have been compromised.
  • If you can implement two-factor authentication on your websites.
  • Continue to monitor your site logs for any activity that appears suspicious and out of the ordinary.

Conclusion

Going forward, be on the lookout for phishing emails as these scammers now know the email addresses, that they are associated to GoDaddy accounts and more. Every password that was exposed should never be used again to further strengthen your password security.


Available Service Flyers

Our philosophy has always been honesty (this is our rule #1) and transparency in our services. There's no reason to hide costs unless you have something to hide. We've found that those who hide fees charge more successful businesses more money because they can. We do not feel this is the way America was meant to be. We believe in offering a fair price to everyone for the work that is done.

We also believe that once you sign on with us, you trust us, and as our thank you to you, we "price lock" our services for the plan(s) you signed up for at that time. This means while you are on those services, the price will always be the same. As business owners, we appreciate this as it allows us to budget our business expenses better.