A recent GoDaddy data breach extended from the hosting provider to several sister companies that resell GoDaddy Managed WordPress, according to a third-party media report.
The impacted resellers, according to WordFence, include:
Those Managed WordPress resellers have contacted their respective customers with specific details and recommended action items, GoDaddy told WordFence.
GoDaddy 2021 Data Breach Details
The GoDaddy breach investigation is ongoing, according to a November 22 blog from CISO Demetrius Comes. The CISO noted:
GoDaddy on November 17, 2021, discovered unauthorized third-party access to its Managed WordPress hosting environment.
The unauthorized access apparently began on September 6, 2021.
Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents risk of phishing attacks.
The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, GoDaddy reset those passwords.
For active customers, sFTP and database usernames and passwords were exposed. GoDaddy reset both passwords.
For a subset of active customers, the SSL private key was exposed. GoDaddy is in the process of issuing and installing new certificates for those customers.
GoDaddy: AWS Bucket Misconfiguration Exposes Data
GoDaddy has suffered data exposure issues before. For instance, an Amazon Web Services (AWS) Simple Storage Service (S3) bucket error in 2018 exposed GoDaddy configuration information from the company’s servers.
MSSPs, meanwhile, have been embracing Cloud Security Posture Management (CSPM) tools to ensure customers properly configure their AWS, Microsoft Azure and Google Cloud Platform (GCP) workloads.