GoDaddy Security Breach Exposes WordPress Users' Data (reuters.com) 9
Web hosting company GoDaddy said on Monday email addresses of up to 1.2 million active and inactive Managed WordPress customers had been exposed in an unauthorized third-party access. From a report: The company said the incident was discovered on Sept. 6 and the third-party accessed the system using a compromised password.
Waiting.... (Score:5, Interesting)
... for the other shoe to drop, and GoDaddy to reveal what else was leaked as well as e-mail addresses.
From the article this was detected due to an unusual access pattern from a compromised account. That's not usually just reading people's e-mail addresses. What aren't they telling us??
Re:Waiting.... (Score:5, Insightful)
... for the other shoe to drop, and GoDaddy to reveal what else was leaked as well as e-mail addresses.
From the article this was detected due to an unusual access pattern from a compromised account. That's not usually just reading people's e-mail addresses. What aren't they telling us??
I don't know what all access their WordPress admins have, but whatever they have is now compromised.
And it is surely a lot more than email addresses.
Re: (Score:3)
3 months after the fact too, by now that data will have been sold on multiple times and abused as much as possible.
Re: (Score:3)
They waited 3 months to disclose this. We can be sure they have more to disclose, and it won't be pretty.
Another reason I'd rather run my WP site on a Raspberry, I tend not to lie to myself. Of course, I don't have the extraordinary resources to be sure my site is secure, cause you know, bigger is better. /s
I have used custom email addresses (Score:3)
So... what's the problem? (Score:1)
The idea behind 3rd party hosting is that you have someone else to blame when the inevitable security breach happens. You wouldn't use it for your data, but someone else's.
If you want something truly secure, you have to do it yourself. However, if you only need to show that you've done "due diligence" with respect to your customer's data, third party hosting services are a real solution, because:
Probably user phone numbers (Score:2)
I just got my first ever domain name related spam call, for an undeveloped domain I have under private registration at GoDaddy, specifically trying to sell me wordpress development services.
There is an article to explain further findings (Score:1)