Groups Similar Look up By Text Browse About



Similar articles
Article Id Title Prob Score Similar Compare
221000 ZDNET 2021-11-22:
Over a million WordPress sites breached
1.000 Find similar Compare side-by-side
220965 TECHREPUBLIC 2021-11-22:
GoDaddy security breach impacts more than 1 million WordPress users
0.966 0.641 Find similar Compare side-by-side
221019 ZDNET 2021-11-22:
Data from millions of Brazilians exposed in Wi-Fi management software firm leak
0.023 0.493 Find similar Compare side-by-side
220831 ZDNET 2021-11-22:
Hackers used this software flaw to steal credit card details from thousands of online retailers
0.378 Find similar Compare side-by-side
220984 ZDNET 2021-11-23:
TIO wants telcos to have 24-hour fraud hotline
0.349 Find similar Compare side-by-side
221026 ZDNET 2021-11-23:
Code execution bug patched in Imunify360 Linux server security suite
0.315 Find similar Compare side-by-side
221040 ZDNET 2021-11-22:
NextDC takes one-fifth stake in AUCloud during $35m capital raising
0.313 Find similar Compare side-by-side
220908 ZDNET 2021-11-24:
DBS Bank blames 'access control servers' for two-day service disruption
0.301 Find similar Compare side-by-side
220989 VENTUREBEAT 2021-11-19:
API security ‘arms race’ heats up
0.290 Find similar Compare side-by-side
220820 ZDNET 2021-11-19:
When NBN promo deals end, customers and telcos revert to old speeds
0.286 Find similar Compare side-by-side
221024 ZDNET 2021-11-23:
TechOne readies to reap rewards as on-prem customers transition to SaaS ERP platform
0.285 Find similar Compare side-by-side
220951 ZDNET 2021-11-23:
DBS Bank offers few details about hours-long service disruption
0.280 Find similar Compare side-by-side
221035 ZDNET 2021-11-21:
For a limited time, new users can get a lifetime of VPNSecure Online Privacy for just $40
0.278 Find similar Compare side-by-side
220823 ZDNET 2021-11-23:
Ransomware warning: Hackers see holidays and weekends as a great time to attack
0.277 Find similar Compare side-by-side
221010 VENTUREBEAT 2021-11-23:
No-code conversational sales solutions provider Whatslly gets $11M
0.275 Find similar Compare side-by-side
220994 VENTUREBEAT 2021-11-19:
Report: 70% of IT pros say security hygiene has gotten harder over past two years
0.275 Find similar Compare side-by-side
220922 ZDNET 2021-11-24:
Mozilla ends support for Firefox Lockwise password management app, strands iOS users
0.271 Find similar Compare side-by-side
221169 ZDNET 2021-11-25:
Black Friday shopping? FBI says beware of these holiday scams and phishing threats
0.271 Find similar Compare side-by-side
221066 ZDNET 2021-11-23:
Ethical Hacking, book review: A hands-on guide for would-be security professionals
0.270 Find similar Compare side-by-side
220636 ZDNET 2021-11-19:
FBI warning: This zero-day VPN software flaw was exploited by APT hackers
0.267 Find similar Compare side-by-side
220962 VENTUREBEAT 2021-11-23:
Web app dev platform Vercel lands $150M
0.266 Find similar Compare side-by-side
221056 ZDNET 2021-11-22:
Siemens' new system helps companies track emissions across the supply chain
0.264 Find similar Compare side-by-side
220655 ZDNET 2021-11-19:
Microsoft warning: Now Iran's hackers are attacking IT companies, too
0.264 Find similar Compare side-by-side
221004 TECHREPUBLIC 2021-11-19:
8 advanced threats Kaspersky predicts for 2022
0.263 Find similar Compare side-by-side
220914 TECHREPUBLIC 2021-11-23:
How to identify social media misinformation and protect your business
0.262 Find similar Compare side-by-side

1

ID: 221000

URL: https://www.zdnet.com/article/over-a-million-godaddy-managed-wordpress-sites-cracked/

Date: 2021-11-22

Over a million WordPress sites breached

UPDATED: WordPress site owners hosted by GoDaddy have had their data exposed -- for months. WordPress is far more than just blogs. It powers over 42% of all websites. So whenever there's a WordPress security failure, it's a big deal. And now GoDaddy, which is the top global web hosting firm with tens of millions more sites than its competition, reports that data on 1.2 million of its WordPress customers has been exposed. Best VPN service 2021 Every remote worker should consider a virtual private network to stay safe online. Read More In a Securities and Exchange Commission (SEC) filing, GoDaddy's chief information security officer ( CISO) Demetrius Comes said they've discovered unauthorized access to its managed WordPress servers. To be exact the breach opened information on 1.2 million active and inactive managed WordPress customers since September 6, 2021.  This managed service, according to WordPress, is streamlined, optimized hosting for building and managing WordPress sites. GoDaddy handles basic hosting administrative tasks, such as installing WordPress, automated daily backups, WordPress core updates, and server-level caching. These plans start at $6.99 a month.  Customers had both their email addresses and customer numbers exposed. As a result, GoDaddy warns users that this exposure can put users at greater risk of phishing attacks. The web host also said that the original WordPress admin password, created when WordPress was first installed, has also been exposed. So if you never changed that password, hackers have had access to your website for months. In addition, active customers had their sFTP and database usernames and passwords exposed. GoDaddy has reset both these passwords. Finally, some active customers had their Secure-Socket Layer (SSL) private key exposed. GoDaddy is currently reissuing and installing new certificates for those customers. WordFence, a WordPress security company, says in their report, "It appears that GoDaddy was storing sFTP credentials either as plaintext, or in a format that could be reversed into plaintext. They did this rather than using a salted hash, or a public key, both of which are considered industry best practices for sFTP. This allowed an attacker direct access to password credentials without the need to crack them." GoDaddy has announced that its investigation is ongoing. The company is contacting all impacted customers directly with specific details. Customers can also contact GoDaddy via its help center. This site includes phone numbers for users in affected countries. At this time, that's all the information GoDaddy has made public about the breach. Related Stories: