Yesterday, GoDaddy shared details of a hacking incident that affected 1.2 million managed WordPress accounts. The data breach was discovered on November 17 but it seems the incident took place approximately 70 days earlier.
The cybercriminals used a compromised password to gain access to the GoDaddy managed WordPress hosting environment, which gave them access to contact information and database credentials for these customer accounts.
GoDaddy is currently investigating the hack having involved a forensics team and law enforcement. It also reported the incident to the US Securities and Exchange Commission.
The incident begs the question: Are your domain names safe at GoDaddy after the hacking incident?
No system is 100% secure, as seen at the Epik data leak that affected much more than this. In the case of the GoDaddy hacking incident, only credentials to managed WordPress hosting accounts appear to have been compromised.
What that means: As long as one didn’t use the same password for WordPress and their domain account at GoDaddy, even if the customer account numbers are revealed, the domains can’t just move out.
GoDaddy is a very secure domain registrar and incidents of domain theft involve phishing incidents, spyware or malware installed, or insider attacks such as disgruntled customer employees. There are some reported cases of domain theft that utilized social engineering but are extremely rare.
GoDaddy has already reset the credentials for the affected accounts hosting the WordPress content and should be stepping up security to ensure its customer assets are safe. It’s a good idea, however, to change one’s password at GoDaddy and to ensure that two factor authentication via the auth app is enabled.
While the incident is by no means small, it does create a headache for GoDaddy support; these managed WordPress accounts are essentially customers with limited technical knowledge that will have to be taken by the hand every step of the way.
