GoDaddy WordPress Hacked
WEBPRO International
In a data breach notification on November 17th, GoDaddy said data (which means your private data) from up to 1.2 million accounts was exposed after hackers gained access to the company's Managed WordPress hosting platform. This is GoDaddy’s fifth cyber-crime incident since 2018; in this one, an attacker with a compromised password stole email addresses, SSH keys and database logins.
The incident was finally discovered by GoDaddy on November 17th, but sources said the attackers had access to the network since September 6, 2021. Turning back the calendar to October 19, 2019, GoDaddy experienced a security breach that affected 28,000 hosted accounts. That break-in lasted for a period of six months before it was detected by GoDaddy’s security team on April 23, 2020.
That tells me GoDaddy’s 7000 or so employees were asleep at the switch! Go Bob!
Security By Obscurity
By definition, security by obscurity is an attempt to increase security by keeping critical elements of a security strategy secret, and that is possibly what was at work in this case. A couple of examples could be concealing a script or algorithm implemented in a cryptographic system, or keeping a password secret only to have it exploited through a weak environment like... WordPress. Oddly enough, the SolarWinds hackers may have accessed Microsoft source code in the same manner a year ago, in December 2020. Happy Anniversary, Microsoft!
Imagine if you will …
A bear rummaging through your refrigerator for 6 months. At some point you’re going to get a case of the munchies and head for the kitchen for a late-night snack-a-roo. What are the odds of you running into Boo Boo Bear with a glass of milk in one paw and a peanut butter and Jellystone sandwich in the other? Who misses stuff that important? I mean, damn! Everyone, and I mean everyone, has been hit at one time or another in their career by some hacking turd, but leaving your fridge open for 6 months?
You may have heard me from time to time state my discontent regarding WordPress. Face it, it’s a canned blog and a weak one at best.
Think about what these icebox raiders grabbed, per Threatpost:
• Emails and customer numbers for 1.2 million active and inactive Managed WordPress customers
• sFTP and database usernames and passwords for active customers (passwords are now reset)
• SSL private keys “for a subset of active customers,” used to authenticate websites to internet users, enable encryption and prevent impersonation attacks – ya know – spoofing!
GoDaddy is in the process of issuing and installing new certificates (which costs them nothing) for affected customers. Makes me wonder how the rest of their 19.8 million customers are feeling right now?
Here’s my takeaway, and it should be yours. If you’re dabbling with WordPress just to get something out quick and dirty, remember you could be placing your information at risk on multiple levels.
In my opinion, using any product left unsupervised is like leaving your front door wide open, and if you think of using WordPress for an industrial or commercial web project, especially if it involves ecommerce, you better think again, Homer.
Doh-Daddy!