A major breach of GoDaddy was disclosed on November 22nd affecting some 1.2 million accounts, as well as "Managed hosting" accounts that are affiliated with GoDaddy through Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe.
Apparently the hackers had access for over two months before the breach was discovered.
One of the biggest flaws exposed in this breach is that GoDaddy was storing your passwords as unencrypted plain text. That means the hackers didn't even have to go through the trouble of decrypting anything to gain access to your account, FTP/SFTP, database, etc. GoDaddy is auto-resetting database and some other passwords, as well as SSL certificate keys that were potentially exposed.
What Should I Do If I’m Affected?
If you use GoDaddy to host your WordPress site, here are a few (strong) recommendations to protect your website and your hosting account:
1. Reset your WordPress admin password.
2. Implement two-factor authentication for WordPress admin accounts.
3. Review your website’s security logs to see if there are unexpected logins to admin accounts.
4. Force a password change for all users at Contributor or higher level.
5. Log in to GoDaddy and change any FTP, SFTP, or other passwords associated with your account or sites.
See the iThemes link below for details on all of the above.
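Step 4 is the one most people skip, and it also needs to cover existing login sessions, not just passwords. The following mu-plugin is an added example (not from the original post, iThemes, or GoDaddy) that implements it with WordPress core functions and exposes it as a WP-CLI command; it assumes WordPress 5.7 or later (for `retrieve_password()`), WP-CLI being available, and the hypothetical command and function names shown.

```php
<?php
/**
 * Plugin Name: Post-breach credential reset (hypothetical example)
 * Description: Forces a password change for every user at Contributor level or higher.
 * Install in wp-content/mu-plugins/ and run:  wp post-breach-reset [--dry-run]
 */

// Roles at Contributor level or higher (step 4 of the recommendations).
const PBR_RESET_ROLES = array( 'contributor', 'author', 'editor', 'administrator' );

/**
 * Rotate each affected user's password, kill their sessions, and email a reset link.
 * Returns the number of users processed.
 */
function pbr_force_password_reset( $dry_run = false ) {
    $users = get_users( array( 'role__in' => PBR_RESET_ROLES ) );
    $count = 0;

    foreach ( $users as $user ) {
        $count++;
        if ( $dry_run ) {
            error_log( "[pbr] would reset {$user->user_login} (ID {$user->ID})" );
            continue;
        }

        // Replace the password with a random value nobody knows, so a leaked
        // credential stops working immediately rather than after the user acts.
        wp_set_password( wp_generate_password( 32, true, true ), $user->ID );

        // Destroy every existing session for this user: a stolen auth cookie
        // would otherwise keep working even after the password changed.
        WP_Session_Tokens::get_instance( $user->ID )->destroy_all();

        // Send the standard WordPress "reset your password" email.
        $sent = retrieve_password( $user->user_login );
        if ( is_wp_error( $sent ) ) {
            error_log( "[pbr] reset email failed for {$user->user_login}: " . $sent->get_error_message() );
        }
    }

    return $count;
}

if ( defined( 'WP_CLI' ) && WP_CLI ) {
    WP_CLI::add_command( 'post-breach-reset', function ( $args, $assoc_args ) {
        $n = pbr_force_password_reset( isset( $assoc_args['dry-run'] ) );
        WP_CLI::success( "Processed {$n} user(s)." );
    } );
}
```

Run it with `--dry-run` first to confirm the user list, and remember that admins running this from the dashboard rather than WP-CLI would be logged out along with everyone else.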
To be honest, we at ProtectYourWP and SustainableSources have never particularly liked GoDaddy, and though we reluctantly concede that they've gotten better in recent years, we still suggest that you find a better hosting solution! So when they use the tagline in their advertising "It's Go Time!", we feel it's more appropriate to say "It's Go AWAY Time!"
Be on Guard for an Increase in Phishing Emails
There's a good probability that various hackers/scammers will use the breached data to extend their attacks to other services by sending out phishing emails.