GoDaddy, 123Reg hacked

GoDaddy, 123Reg hacked

On 22nd November 2021, GoDaddy disclosed that an unknown attacker had gained unauthorized access to the system used to provision the company’s Managed WordPress sites. The following day, GoDaddy revealed that the hack also affected their reseller brands, including 123Reg, tsoHost, Media Temple, Domain Factory, Heart Internet and Host Europe. This hack affected around 1.2M WordPress customers.

What happened?

According to GoDaddy, the attacker gained access to their system through a compromised password. They are not saying whether the password was one of their employees’ or one of their clients’. Access to this account was immediately stopped, but there was a window of about 2 months where the attacker could set up other ways to maintain access.

Now comes the juicy part – GoDaddy had been storing some login credentials in plain text, which should never be done; it’s akin to writing your PIN on the back of your credit card. So now 1.2M customers have all their WordPress websites compromised.

What could the attacker now do?

With this information, an attacker could now delete, change or replace a user’s website. They could change passwords of existing users to that site and add new users for their own use. They could, potentially, access any information stored on the website, including names and email addresses. For e-commerce sites, this could also include details of credit card and past purchases.

Even if the hacker only got a person’s username and password, they could be used to access other websites.

What should I do now?

If you have a WordPress website hosted by any of these companies, there are several things you should do immediately:

  • Change all the FTP and sFTP passwords that access your WordPress back end. FTP/sFTP are protocols that allow files to be uploaded and downloaded to your website. You would do this through the control panel for your website. Don’t worry if you don’t know what this is your web developer will (if they don’t, then contact me, and I’ll see if I can help).
  • Change the database username and password. WordPress uses a database to store all the information about your website – page content, location of images, user login details, and other information required for your website to run correctly. You need to change the username and password in the control panel and in the WordPress file where it is stored. Again, your web developer can do this, or I can help.
  • Ask your users to reset their passwords, or better still, force them to do this next time they log in. This article, How to Force Users to Change Passwords in WordPress – Expire Password, explains how to do this.

I would also recommend changing your GoDaddy, 123Reg etc. password. Although there’s no evidence of these being compromised, you can’t be too safe.

And – if you have used the same password anywhere else, then change that. I’ve written “Tips for keeping your password safe and secure” which should help you.

You can read more about this on the Wordfence blog – “GoDaddy Breached – Plaintext Passwords – 1.2M Affected” and “GoDaddy Breach Widens to tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe“.

And finally, if you want to talk about this, or need any help, please get in touch.

Summary
GoDaddy, 123Reg hacked
Article Name
GoDaddy, 123Reg hacked
Description
On 22nd November 2021, GoDaddy disclosed that an unknown attacker had gained unauthorized access to the system used to provision the company’s Managed WordPress sites. The following day, GoDaddy revealed that the hack also affected their reseller brands, including 123Reg, tsoHost, Media Temple, Domain Factory, Heart Internet and Host Europe. This hack affected around 1.2M WordPress customers.
Author
Publisher Name
Network Midlands Ltd
Publisher Logo
Share

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.