WordPress is among the most popular content management systems worldwide. Although widely known as a blogging platform, WordPress isn’t limited to just that. At present, it hosts around 43% of the websites on the internet.
Therefore, a security failure on their end is sure to have a big impact on the thousands of customers using their content management system. And according to a report by the global web hosting firm GoDaddy, the data of around 1.2 million WordPress customers has been compromised due to a security breach.
Identification Of The Breach
The information was put forward by Demetrius Comes, the chief information security officer at GoDaddy in a Securities and Exchange Commission (SEC) filing. The firm started its investigations after identifying suspicious activity on their servers, during which they discovered unauthorized access by a third party on their managed WordPress servers.
This managed service offered by GoDaddy is a streamlined and optimized hosting platform that makes sites like WordPress faster and more secure for the customers. The firm handles basic hosting jobs like installing WordPress, daily backups, managing updates, and more on behalf of their customers.
The huge breach has left the information of more than 1.2 million active and inactive WordPress customers at risk. As per the information provided by the firm, the third-party attacker had gained access to the system due to a compromised password, which provided them access to the customer data beginning from 6th September 2021. The breach was discovered on 17th November, after which the unauthorized access was blocked by the hosting firm.
Customer Information Exposed
As per GoDaddy, the breach puts the affected customers at risk for phishing attacks, as their phone numbers and email addresses are likely to have been exposed. The original WordPress Admin password, which is created at the time of installing WordPress has also been exposed. For customers who did not change that password, this could mean that the hackers had access to their website since September. These passwords have, however, been reset by GoDaddy after identifying the breach.
In addition, active customers had their sFTP and database usernames and passwords compromised, both of which have been reset by GoDaddy following the investigations. A section of the active customers also had the SSL private key of their website exposed. At present, GoDaddy is in the process of issuing and installing new certificates for all these customers.
WordFence, a company that provides a security plugin for WordPress sites, has mentioned that the breach occurred due to the way GoDaddy stores the passwords. The firm stored the sFTP passwords in a way that made it easy to retrieve plaintext versions of the same. Therefore, the attacker could directly access the customer passwords without needing to spend time cracking them.
If the firm had adopted more secure practices like providing public key authentication or storing salted hashes of the customer passwords, the customer data would have been much more difficult to breach. Something like this could be detrimental to a Kansas City Truck Accident Lawyer like the one at Siro Smith Dickson. A lot of law firms depend on their websites to be found and hired by clients.
Investigation Is Ongoing
As per GoDaddy, the investigation of the security breach is still ongoing. The firm has been actively notifying all the impacted customers directly with all specific details of the data breach. Customers can also get in touch with the company representatives through the country-wise numbers mentioned in their help center.
The firm has also apologized for the breach, mentioning that they are aware of how concerning the data leak is for the customers. They have also mentioned that they have been taking steps to strengthen their provisioning system with additional layers of security to prevent such occurrences in the future.