Over 1mn WordPress users' data hacked, GoDaddy says; phishing attacks feared | Tech News

Over 1mn WordPress users' data hacked, GoDaddy says; phishing attacks feared

GoDaddy has revealed that the data of 1.2 mn WordPress users has been exposed to hackers. Phishing attacks on these people is feared now.

| Updated on: Aug 21 2022, 22:00 IST
After WordPress users' data hacked, GoDaddy reset all the passwords, but phishing attacks are feared now. (Pixabay)

The web hosting company GoDaddy Inc reported on Monday that active as well as inactive email addresses of up to 1.3 million WordPress accounts were exposed in an unauthorized third-party. Now, there are widespread fears of phishing attacks being launched on those WordPress users whose data was breached. An unauthorised third party got access to the provisioning system in GoDaddy's legacy code base for Managed WordPress by using a compromised password. The company mentioned in the blogpost that they discovered the incident on November 17.

“We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement,” Demetrius Comes, the Chief Information Security Officer of GoDaddy said in the blog post.

You may be interested in

MobilesTablets Laptops
7% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
28% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

After identifying the incident, the web hosting company immediately blocked the unauthorised third party from the system and the investigation is going on. However, a GoDaddy blog post revealed that from the beginning on September 6, 2021, the unauthorized third party used the vulnerability to gain access to up to 1.2 million WordPress customers with their email address and contact numbers. The exposure of email addresses hints towards the risk of phishing attacks.

Also read
Looking for a smartphone? To check mobile finder click here.

What action did GoDaddy take against the data breach?

In addition to the email addresses and mobile numbers, the original WordPress Admin passwords that used to be set at the time of provisioning were exposed. The chief Information Security Officer informed that if those credentials were still in use then GoDaddy reset those passwords.

Similarly, the sFTP and database usernames and passwords of active customers were exposed, whose passwords are not reset. Additionally, the SSL key was exposed for a subset of active customers, in regard to that company mentioned that, "We are in the process of issuing and installing new certificates for those customers."

The blog post further stated that the investigation is still going on and GoDaddy is directly contacting all the impacted customers with specific details. The company also asked that if customers want to contact via mentioned phone numbers on the website based on their country or can visit the help center at https://www.godaddy.com/help.

“We (GoDaddy) will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection,” the company said in the statement.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 24 Nov, 16:27 IST