They did this rather than using a salted hash, or a public key, both of which are considered industry best practices for sFTP. It appears that GoDaddy was storing sFTP credentials either as plaintext, or in a format that could be reversed into plaintext. While the company took immediate action to mitigate the damage, the attacker had more than two months to establish persistence, so anyone currently using GoDaddy’s Managed WordPress product should assume compromise until they can confirm that is not the case. Note that this number does not include the number of customers of those websites that are affected by this breach, and some GoDaddy customers have multiple Managed WordPress sites in their accounts.Īccording to the report filed by GoDaddy with the SEC, the attacker initially gained access via a compromised password on September 6, 2021, and was discovered on Novemat which point their access was revoked. This morning, GoDaddy disclosed that an unknown attacker had gained unauthorized access to the system used to provision the company’s Managed WordPress sites, impacting up to 1.2 million of their WordPress customers. Here’s part of the article published by Wordfence Security on November 22, 2021: They’ve been around long enough that they should be writing the book on “industry best practices”. This company has been around long enough that they should be, at minimum, following “industry best practices” in security. But this was a mistake that was preventable by following best practices. It would be remiss for me to not update this article with the news of GoDaddy’s WordPress Hosting customers having their accounts breached for over 2 months.
UPDATE 11/22/21: GoDaddy Managed WordPress Breached
0 kommentar(er)
