GoDaddy data breach and what you should do now

2021年11月17日,世界最大的互联网域名注册及网站托管服务提供商GoDaddy(godaddy.com)披露其托管的Wordpress托管环境(Managed WordPress hosting environment)被不明第三方非法侵入,可能导致约120万wordpress客户的电邮地址和客户号被窃。

GoDaddy已向美国证监会(SEC)正式报备,filing全文如下:

November 22, 2021
GoDaddy Announces Security Incident Affecting Managed WordPress Service
On November 17, 2021, we discovered unauthorized third-party access to our Managed WordPress hosting environment. Here is the background on what happened and the steps we took, and are taking, in response:
We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement. Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress.
Upon identifying this incident, we immediately blocked the unauthorized third party from our system. Our investigation is ongoing, but we have determined that, beginning on September 6, 2021, the unauthorized third party used the vulnerability to gain access to the following customer information:
•Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents risk of phishing attacks.
•The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, we reset those passwords.
•For active customers, sFTP and database usernames and passwords were exposed. We reset both passwords.
•For a subset of active customers, the SSL private key was exposed. We are in the process of issuing and installing new certificates for those customers.
Our investigation is ongoing and we are contacting all impacted customers directly with specific details. Customers can also contact us via our help center (https://www.godaddy.com/help) which includes phone numbers based on country.
We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.
Demetrius Comes
Chief Information Security Officer

*https://www.sec.gov/Archives/edgar/data/1609711/000160971121000122/gddyblogpostnov222021.htm

GoDaddy已第一时间展开了内部调查。

WordPress是最受欢迎的网站内容管理系统。全球有大约40%的网站都是使用WordPress架设网站的。

很多wordpress的初级用户都懒得修改系统初始管理员密码,如admin123,这一点很致命。

如果你的网站使用的也是wordpress,请立即检查是否已重置初始密码,并修改管理员密码。

以下两个网站供你参考:

怎样重置wordpress管理员密码?

WordPress: How to change or reset your admin password?


Read more:

https://thehackernews.com/2021/11/godaddy-data-breach-exposes-over-1.html