Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security

GoDaddy Security Breach Exposes WordPress Users' Data (reuters.com) 9

Web hosting company GoDaddy said on Monday email addresses of up to 1.2 million active and inactive Managed WordPress customers had been exposed in an unauthorized third-party access. From a report: The company said the incident was discovered on Sept. 6 and the third-party accessed the system using a compromised password.
This discussion has been archived. No new comments can be posted.

GoDaddy Security Breach Exposes WordPress Users' Data

Comments Filter:
  • Waiting.... (Score:5, Interesting)

    by keithdowsett ( 260998 ) on Monday November 22, 2021 @10:35AM (#62010153) Homepage

    ... for the other shoe to drop, and GoDaddy to reveal what else was leaked as well as e-mail addresses.

    From the article this was detected due to an unusual access pattern from a compromised account. That's not usually just reading people's e-mail addresses. What aren't they telling us??

    • Re:Waiting.... (Score:5, Insightful)

      by Ol Olsoc ( 1175323 ) on Monday November 22, 2021 @10:51AM (#62010207)

      ... for the other shoe to drop, and GoDaddy to reveal what else was leaked as well as e-mail addresses.

      From the article this was detected due to an unusual access pattern from a compromised account. That's not usually just reading people's e-mail addresses. What aren't they telling us??

      I don't know what all access their WordPress admins have, but whatever they have is now compromised.

      And it is surely a lot more than email addresses.

    • by AmiMoJo ( 196126 )

      3 months after the fact too, by now that data will have been sold on multiple times and abused as much as possible.

    • They waited 3 months to disclose this. We can be sure they have more to disclose, and it won't be pretty.

      Another reason I'd rather run my WP site on a Raspberry, I tend not to lie to myself. Of course, I don't have the extraordinary resources to be sure my site is secure, cause you know, bigger is better. /s

  • by oldgraybeard ( 2939809 ) on Monday November 22, 2021 @12:52PM (#62010521)
    for years. So I know when addresses become public. The truth is most all companies/levels of government sell or lose control of the data they collect. Everything you give to companies/government should be considered public.
  • The idea behind 3rd party hosting is that you have someone else to blame when the inevitable security breach happens. You wouldn't use it for your data, but someone else's.

    If you want something truly secure, you have to do it yourself. However, if you only need to show that you've done "due diligence" with respect to your customer's data, third party hosting services are a real solution, because:

    1. They are paid with by your employer's money, not your own, and
    2. They take the blame for security, or the lac
  • I just got my first ever domain name related spam call, for an undeveloped domain I have under private registration at GoDaddy, specifically trying to sell me wordpress development services.

  • The SEC filing indicates that the attacker had access to user email addresses and customer numbers, the original WordPress Admin password that was set at the time of provisioning, and SSL private keys. Link: https://www.wordfence.com/blog... [wordfence.com]

A computer lets you make more mistakes faster than any other invention, with the possible exceptions of handguns and Tequilla. -- Mitch Ratcliffe

Working...