GoDaddy notified the SEC that its systems had been breached. If you have a WordPress site on GoDaddy, change your passwords (all of them: your WordPress admin, FTP, database, and your primary account password). Several other brands that GoDaddy acquired were also part of the compromise, including:
The details are at the following two links.
What happened is that GoDaddy was storing passwords for its Managed WordPress customers in plaintext: the passwords were not encrypted, hashed, or otherwise protected in the database. When their systems were compromised this time (there have been multiple others), those credentials were easily accessible and easily readable. The compromise had been active for at least two months. Here's what you should do if you have a WordPress site on GoDaddy:
- If you’re running an e-commerce site, or store PII (personally identifiable information), and GoDaddy verifies that you have been breached, you may be required to notify your customers of the breach. Please research what the regulatory requirements are in your jurisdiction, and make sure you comply with those requirements.
- Change all of your WordPress passwords, and if possible force a password reset for your WordPress users or customers. As the attacker had access to the password hashes in every impacted WordPress database, they could potentially crack and use those passwords on the impacted sites.
- Change any reused passwords and advise your users or customers to do so as well. The attacker could potentially use credentials extracted from impacted sites to access any other services where the same password was used. For example, if one of your customers uses the same email and password on your site as they use for their Gmail account, that customer’s Gmail could be breached by the attacker once they crack that customer’s password.
- Enable 2-factor authentication wherever possible. The Wordfence plugin provides this as a free feature for WordPress sites, and most other services provide an option for 2-factor authentication.
- Check your site for unauthorized administrator accounts.
- Scan your site for malware using a security scanner.
- Check your site's filesystem, including wp-content/plugins and wp-content/mu-plugins, for any unexpected plugins, or plugins that do not appear in the plugins menu, as it is possible to use legitimate plugins to maintain unauthorized access.
- Be on the lookout for suspicious emails – phishing is still a risk, and an attacker could still use extracted emails and customer numbers to obtain further sensitive information from victims of this compromise.
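Two of the checks above (unauthorized administrator accounts, and plugins in wp-content that the site owner did not install or that never show up in the plugins menu) can be scripted. The following is an added example written for this post, not GoDaddy's, Wordfence's, or WordPress's own code. It assumes you can export rows from the wp_usermeta table (role data lives there as a PHP-serialized array under the capabilities key) and that you have a copy of the wp-content directory; the usermeta rows and the wp-content tree it runs against are constructed sample data, and the plugin allowlist is something you fill in from your own records.

```python
"""Post-breach WordPress audit helpers (added example; constructed sample data)."""
import os
import re
import shutil
import tempfile

# --- Check 1: administrator accounts you did not create ---------------------

# One role entry inside a PHP-serialized capabilities array,
# e.g. a:1:{s:13:"administrator";b:1;}
_ROLE_RE = re.compile(r's:\d+:"([^"]+)";b:1;')

def unexpected_admins(usermeta_rows, known_admin_ids):
    """Return user_ids holding the administrator role that are not in known_admin_ids.

    usermeta_rows are (user_id, meta_key, meta_value) tuples, as produced by
    SELECT user_id, meta_key, meta_value FROM wp_usermeta. The key is matched
    by suffix so a non-default table prefix (e.g. xyz_capabilities) still works.
    """
    found = set()
    for user_id, meta_key, meta_value in usermeta_rows:
        if not meta_key.endswith("capabilities"):
            continue
        if "administrator" in _ROLE_RE.findall(meta_value) and user_id not in known_admin_ids:
            found.add(user_id)
    return sorted(found)

# Constructed sample rows: user 1 is the site owner, user 7 is an admin nobody created.
SAMPLE_USERMETA = [
    (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (2, "wp_capabilities", 'a:1:{s:6:"editor";b:1;}'),
    (7, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (7, "wp_user_level", "10"),
]

# --- Check 2: plugins on disk vs. plugins you installed ---------------------

def _has_plugin_header(path):
    """True if the file carries the 'Plugin Name:' header WordPress looks for
    when building the plugins menu (WordPress reads the first 8 KiB)."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            return "Plugin Name:" in fh.read(8192)
    except OSError:
        return False

def audit_plugin_dirs(wp_content, allowed_plugins):
    """Compare wp-content/plugins and wp-content/mu-plugins against an allowlist.

    Returns a dict with three lists:
      unexpected_dirs: plugin directories not in allowed_plugins
      headerless_php:  top-level PHP files in plugins/ with no plugin header,
                       which WordPress never lists in the plugins menu
      mu_plugins:      everything in mu-plugins/, since must-use plugins load
                       on every request and cannot be deactivated from the menu
    """
    findings = {"unexpected_dirs": [], "headerless_php": [], "mu_plugins": []}
    plugins_dir = os.path.join(wp_content, "plugins")
    mu_dir = os.path.join(wp_content, "mu-plugins")
    if os.path.isdir(plugins_dir):
        for name in sorted(os.listdir(plugins_dir)):
            path = os.path.join(plugins_dir, name)
            if os.path.isdir(path):
                if name not in allowed_plugins:
                    findings["unexpected_dirs"].append(name)
            elif name.endswith(".php") and name != "index.php" and not _has_plugin_header(path):
                findings["headerless_php"].append(name)
    if os.path.isdir(mu_dir):
        for name in sorted(os.listdir(mu_dir)):
            if name != "index.php":  # index.php is the standard empty placeholder
                findings["mu_plugins"].append(name)
    return findings

def build_sample_wp_content():
    """Create a constructed wp-content tree in a temp dir (sample data, not a real site)."""
    root = tempfile.mkdtemp(prefix="wp-content-")
    layout = {
        "plugins/akismet/akismet.php": "<?php\n/*\nPlugin Name: Akismet Anti-Spam\n*/\n",
        "plugins/wordfence/wordfence.php": "<?php\n/*\nPlugin Name: Wordfence Security\n*/\n",
        "plugins/wp-cache-helper/helper.php": "<?php\n/*\nPlugin Name: Cache Helper\n*/\n",
        "plugins/index.php": "<?php\n// Silence is golden.\n",
        "plugins/wp-temp.php": "<?php\n// no plugin header, so never shown in the menu\n",
        "mu-plugins/index.php": "<?php\n// Silence is golden.\n",
        "mu-plugins/loader.php": "<?php\n// auto-loaded on every request\n",
    }
    for rel, body in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    print("unexpected admins:", unexpected_admins(SAMPLE_USERMETA, {1}))
    root = build_sample_wp_content()
    try:
        # Allowlist of plugins the owner actually installed (constructed for the sample).
        print(audit_plugin_dirs(root, {"akismet", "wordfence"}))
    finally:
        shutil.rmtree(root)
```

On a real site, point audit_plugin_dirs at your wp-content directory and feed unexpected_admins the rows from a database export; anything the two functions report is a candidate for manual review, not proof of compromise on its own, since hosts and legitimate tooling also drop files into mu-plugins.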
If you are a GoDaddy customer with a WordPress site and think your site could be compromised, contact us to scan your site and make sure it is secure. If you look at the list above and are not sure, contact us for a website evaluation. If you want to evaluate competitive, secure hosting, you can go to the hosting page for information about our hosting offerings. You can also listen to an interview about our hosting versus companies like GoDaddy and BlueHost.