GoDaddy, 123Reg hacked
On 22nd November 2021, GoDaddy disclosed that an unknown attacker had gained unauthorized access to the system used to provision the company’s Managed WordPress sites. The following day, GoDaddy revealed that the hack also affected their reseller brands, including 123Reg, tsoHost, Media Temple, Domain Factory, Heart Internet and Host Europe. This hack affected around 1.2M WordPress customers.
According to GoDaddy, the attacker gained access to their system through a compromised password. They are not saying whether the password was one of their employees’ or one of their clients’. Access to this account was immediately stopped, but there was a window of about 2 months where the attacker could set up other ways to maintain access.
Now comes the juicy part – GoDaddy had been storing some login credentials in plain text, which should never be done; it’s akin to writing your PIN on the back of your credit card. So now 1.2M customers have all their WordPress websites compromised.
What could the attacker now do?
With this information, an attacker could now delete, change or replace a user’s website. They could change passwords of existing users to that site and add new users for their own use. They could, potentially, access any information stored on the website, including names and email addresses. For e-commerce sites, this could also include details of credit card and past purchases.
Even if the hacker only got a person’s username and password, they could be used to access other websites.
What should I do now?
If you have a WordPress website hosted by any of these companies, there are several things you should do immediately:
I would also recommend changing your GoDaddy, 123Reg etc. password. Although there’s no evidence of these being compromised, you can’t be too safe.
And – if you have used the same password anywhere else, then change that. I’ve written “Tips for keeping your password safe and secure” which should help you.
You can read more about this on the Wordfence blog – “GoDaddy Breached – Plaintext Passwords – 1.2M Affected” and “GoDaddy Breach Widens to tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe“.
And finally, if you want to talk about this, or need any help, please get in touch.