GoDaddy Hacked!

The machines we love to hate

Moderator: Wiz Feinberg

b0b
Posts: 29108
Joined: 4 Aug 1998 11:00 pm
Location: Cloverdale, CA, USA

GoDaddy Hacked!

Post by b0b »

A lot of people use GoDaddy to host their personal or small business web sites. I've ranted about their business practices before, ever since a friend discovered that it's impossible to cancel their billing, but this is something else. I get a newsletter from WordFence, a WordPress security plugin company. This just appeared in my mailbox today:
GoDaddy announced this morning that they have been breached. Our team took a deep dive into the breach and found that GoDaddy appears to have stored passwords in plaintext, or in a format that could be reversed back into plaintext, which is not an industry best practice.

We confirmed this by signing into a GoDaddy Managed WordPress Hosting Account and verifying that we were able to view our own sFTP password. That means the attacker didn't need to crack the passwords and could likely retrieve them directly.

According to GoDaddy's own SEC filing: "For active customers, sFTP and database usernames and passwords were exposed."

The attacker had access to GoDaddy's systems for over two months before they were discovered.
Click here to read the WordFence blog post about the breach.
-𝕓𝕆𝕓- (admin) - Robert P. Lee - Recordings - Breathe - D6th - Video
Wiz Feinberg
Posts: 6091
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

OMG! This is impactful on many levels to both site owners and their customers/readers.

WordPress is a constant target for hackers and bots. The probes come all day and all night from all four corners of the world. New vulnerable files are discussed and shared, then those files are sought out. Today's main target is named: emergency.php. It is an emergency password reset file for use by the WordPress admin when he or she loses or forgets their admin password. The file is so insecure that the author recommends deleting it immediately after using it. But, it appears that many admins are overlooking this last step.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
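
Added example, not part of the original posts: a site owner's check for the leftover emergency.php situation described in the post above. It reads web server access logs and separates requests for emergency.php that got a 2xx answer (the file is probably still on disk) from probes that failed. The combined log format, the function name classify and the sample lines are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:04:12:01 +0000] "GET /emergency.php HTTP/1.1" 404 196 "-" "curl/7.68.0"
203.0.113.7 - - [01/Jan/2024:04:12:02 +0000] "GET /blog/emergency.php HTTP/1.1" 200 1843 "-" "curl/7.68.0"
198.51.100.22 - - [01/Jan/2024:05:40:13 +0000] "POST /blog/emergency.php HTTP/1.1" 200 1901 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2024:06:00:00 +0000] "GET /index.php?p=emergency.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.99 - - [01/Jan/2024:06:30:44 +0000] "GET /wp/EMERGENCY.PHP?x=1 HTTP/1.1" 403 199 "-" "python-requests/2.26"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(log_text, filename="emergency.php"):
    """Group requests for `filename` by URL path.

    "exposed": answered 2xx, so the file is likely still present (confirm on disk).
    "probed":  any other status, i.e. someone looked but the request failed.
    """
    result = {"exposed": defaultdict(list), "probed": defaultdict(list)}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        # Match on the path's last segment only, so a mention of the name in a
        # query string (e.g. /index.php?p=emergency.php) is not counted.
        path = m["target"].split("?", 1)[0]
        if path.rsplit("/", 1)[-1].lower() != filename:
            continue
        status = int(m["status"])
        bucket = "exposed" if 200 <= status < 300 else "probed"
        result[bucket][path].append((m["ip"], m["method"], status))
    return {name: dict(paths) for name, paths in result.items()}

if __name__ == "__main__":
    report = classify(SAMPLE_LOG)
    for path, hits in report["exposed"].items():
        print(f"DELETE THIS FILE: {path} answered {len(hits)} request(s): {hits}")
    for path, hits in report["probed"].items():
        print(f"probe only: {path} {hits}")
```

Any path listed as exposed should be checked on the server and the file deleted; a successful POST to it also means the admin password may have been reset and should be changed.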

Post by b0b »

An update from WordFence. Not good news:
We have received confirmation from GoDaddy that the breach has widened to GoDaddy Managed WordPress resellers that include tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe.

We have verified that these hosts are using the same provisioning system that allows sFTP passwords to be retrieved in plain text.
Details
-𝕓𝕆𝕓- (admin) - Robert P. Lee - Recordings - Breathe - D6th - Video