fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

GoDaddy Data Breach Hits WordPress Hosting Services Resellers

GoDaddy Data Breach Hits WordPress Hosting Services Resellers

GoDaddy says the recently disclosed data breach affecting roughly 1.2 million customers has also hit multiple Managed WordPress services resellers.

According to Dan Rice, VP of Corporate Communications at GoDaddy, the six resellers also impacted by this massive breach are tsoHostMedia Temple123RegDomain FactoryHeart Internet, and Host Europe.

GoDaddy acquired these brands after buying web hosting and cloud services companies Host Europe Group in 2017 and Media Temple in 2013.

” A small number of active and inactive Managed WordPress users at those brands were impacted by the security incident,” Rice told WordPress security firm Wordfence.

“No other brands are impacted. Those brands have already contacted their respective customers with specific detail and recommended action.”

Also Read: PDP Act (Personal Data Protection Act) Laws and Regulation

Hacked using a compromised password

The data breach was discovered by GoDaddy last Wednesday, on November 17, but, as separately revealed in a Monday filing with the US Securities and Exchange Commission, the customers’ data was exposed since at least September 6, 2021, after unknown threat actors had access to the company’s Managed WordPress hosting environment.

“Our investigation is ongoing, but we have determined that, on or about September 6, 2021, an unauthorized third party gained access to certain authentication information for administrative services, specifically, your customer number and email address associated with your account; your WordPress Admin login set at inception; and your sFTP and database usernames and passwords,” GoDaddy told customers in data breach notification letters sent this week.

“What this means is the unauthorized party could have obtained the ability to access your Managed WordPress service and make changes to it, including to alter your website and the content stored on it.”

The attackers had access to the following GoDaddy customer information after breaching the company’s provisioning system for Managed WordPress:

  • Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents risk of phishing attacks.
  • The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, we reset those passwords.
  • For active customers, sFTP and database usernames and passwords were exposed. We reset both passwords.
  • For a subset of active customers, the SSL private key was exposed. We are in the process of issuing and installing new certificates for those customers.

GoDaddy has not yet published a public statement regarding this data breach on its website.

Also Read: What Does Resolution Of Data Really Means

Not the first rodeo

This is not the first data breach or cybersecurity incident the web hosting giant’s has disclosed in recent years.

Another breach was revealed last year, in May, when GoDaddy alerted customers that hackers used their web hosting account credentials to connect to their hosting account via SSH.

GoDaddy’s security team discovered the breach after finding an altered SSH file in the company’s hosting environment and noticing suspicious activity on a subset of GoDaddy’s servers.

In 2019, GoDaddy injected JavaScript into US customers’ sites without their knowledge, potentially rendering them inoperable or impacting the websites’ overall performance.

GoDaddy is one of the largest web hosting companies and domain registrars, providing services to over 20 million customers worldwide.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us