GoDaddy hack also affects hosting resellers

Sicherheit (Pexels, allgemeine Nutzung)[German]A few days ago, the US registrar and hoster GoDaddy made public a major hack in which the attacker had access to 1.2 million customer records. My mind immediately went "is HostEurope as a subsidiary also affected". In the meantime, I read reports that HostEurope was also affected. A request to the support has the night adhoc nothing, but the answer of the specialist department is still pending.


GoDaddy hack affects 1.2 million customers

The US hoster GoDaddy has become the victim of a cyber attack and has also confirmed this in a notification to the US Securities and Exchange Commission on November 22, 2021. As early as November 17, 2021, the hoster's technicians discovered an unauthorized third-party access to the Managed WordPress hosting environment in use. I've blogged about that here.

The attacker, who used a compromised password to gain access to the provisioning system of GoDaddy's legacy codebase for Managed WordPress, was indeed immediately locked out of the system. The incident exposed up to 1.2 million active and inactive Managed WordPress customers, along with their email address and customer number. The original WordPress administrator password to deploy the package was also likely tapped (those passwords have already been reset).

But usernames and passwords for sFTP and the database of active users were also exposed (the passwords have been reset). And for a subset of active customers, the private SSL key was exposed.

Auch Hosting-Reseller betroffen

The colleagues at Bleeping Computer write in this article that resellers of WordPress hosting packages are also affected. I have been alerted about the following tweet.

GoDaddy Hack


The reference is to Dan Rice, vice president of corporate communications at GoDaddy, who states that six resellers are also affected by this massive breach. Named are tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet and Host Europe.

Rice likely confirmed this to WordFence, which made the statement public within the blog post GoDaddy Breach Widens to tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe. WordFence cited Rice:

The GoDaddy brands that resell GoDaddy Managed WordPress are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost. A small number of active and inactive Managed WordPress users at those brands were impacted by the security incident. No other brands are impacted. Those brands have already contacted their respective customers with specific detail and recommended action.

In a letter (see following screenshot) I read that the investigation showed that the accesses occurred as early as September 6, 2021.

GoDaddy data breach

Details can be found in the WordFence article. Since I run the blogs here at HostEurope under WordPress, I asked their support. I got the answer, that only a few customers are affected, all has been notified – I wasn't affected.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *