Data of more than 1 million WordPress customers leaked in GoDaddy incident


According to GoDaddy, a malicious third party gained access to the company's Managed WordPress storage environment starting in September 2021 by using a stolen password. The attacker used this password to obtain sensitive information about GoDaddy's customers. It is still unclear whether the account behind this password was protected by two-factor authentication.

GoDaddy revealed that the company discovered the incident on November 17. The following information is said to have been accessed by the intruders:

• Email addresses of 1.2 million active and inactive Managed WordPress customers.

• The original WordPress administrator passwords at the time of exposure.

• SFTP usernames and passwords linked to the company's active customers.

• SSL private keys for a small group of active customers.

GoDaddy said it is preparing to issue and install new certificates for affected customers. The company has also reset the affected passwords and is strengthening its provisioning system with additional security measures.

Mark Maunder, the CEO of Wordfence, said: “The way GoDaddy stores SFTP passwords is in clear text, instead of using hashing functions or providing additional public authentication measures. Both of these methods are good security methods.”
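The difference Maunder describes, shown as an added example (this is not code from GoDaddy, Wordfence or the original article): a credential store that keeps cleartext passwords next to one that keeps only salted scrypt hashes, and what a dump of each store gives away. The function names, the choice of scrypt and its cost parameters are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters: assumed values for this example, about 16 MiB per hash
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def _scrypt(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode(), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def store_cleartext(store: dict, user: str, password: str) -> None:
    """Weak form: the password itself is written to the store."""
    store[user] = password


def store_hashed(store: dict, user: str, password: str) -> None:
    """Hardened form: only a per-user random salt and the scrypt digest are kept."""
    salt = os.urandom(16)
    store[user] = (salt, _scrypt(password, salt))


def verify_hashed(store: dict, user: str, candidate: str) -> bool:
    """Login check against the hashed store, using a constant-time comparison."""
    record = store.get(user)
    if record is None:
        return False
    salt, expected = record
    return hmac.compare_digest(_scrypt(candidate, salt), expected)


def recoverable_from_dump(store: dict, password: str) -> bool:
    """True if the password appears verbatim in what someone reading the store sees."""
    needle = password.encode()
    for value in store.values():
        blob = value.encode() if isinstance(value, str) else b"".join(value)
        if needle in blob:
            return True
    return False


if __name__ == "__main__":
    pw = "constructed-sample-password"  # constructed sample value
    clear, hashed = {}, {}
    store_cleartext(clear, "site-owner", pw)
    store_hashed(hashed, "site-owner", pw)
    print("cleartext store leaks password:", recoverable_from_dump(clear, pw))
    print("hashed store leaks password:  ", recoverable_from_dump(hashed, pw))
    print("hashed store still verifies:  ", verify_hashed(hashed, "site-owner", pw))
```

With the hashed store, someone who reads the storage layer still has to guess each password and pay the scrypt cost per guess, so passwords exposed this way should be reset regardless.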

The exposure of email addresses and passwords raises the risk of phishing attacks. Attackers could also break into the affected WordPress sites, upload malware, and access other personally identifiable information stored on them.

Also according to Maunder: “On a website whose SSL private key was exposed, the attacker can decrypt traffic using that key, as long as they successfully perform a man-in-the-middle (MITM) attack that intercepts the encrypted traffic between a website visitor and an affected website.”