GoDaddy Data Breach 2021: What Has Been Compromised?

An image of a hacker, like one who may have been involved in GoDaddy Data Breach 2021.

GoDaddy, the world’s most-utilized domain registrar, has announced a data breach that affects up to 1.2 million active and inactive managed WordPress users. After a 2019 breach was discovered in Spring 2020, GoDaddy Data Breach 2021 is upon us.

The company discovered the cyberattack on November 17, 2021. It was disclosed to the Securities and Exchange Commission (SEC) on November 22.

The attacker gained initial access on September 6 using a compromised password. GoDaddy locked the intruder out of their system upon discovery over two months later.

GoDaddy Data Breach 2021: What has been compromised?

  • E-mail addresses for 1.2 million accounts
  • Original WordPress admin passwords of the compromised accounts
  • SSL keys for some clients

“GoDaddy stored sFTP passwords in such a way that the plaintext versions of the passwords could be retrieved, rather than storing salted hashes of these passwords or providing public key authentication,” Wordfence CEO Mark Maunder says, “…both (are) industry best practices.”

GoDaddy says they have reset passwords of all affected accounts and are regenerating security certificates where necessary. They also say they have already contacted all impacted customers.

Resellers of GoDaddy’s managed WordPress have been affected as well, including Host EuropeHeart InternetDomain Factory123RegMedia Temple and tsoHost.

GoDaddy recently had a data breach on October 2019, which they reported six months later in May 2020.

Among more obvious issues, the hack heightens the risk of phishing attempts. Companies using the GoDaddy managed WordPress platform should be wary of suspicious emails.

IT Support Guys clients are aware of the incident, even those who are not compromised. We have established a task force, taking appropriate measures to recover and reinforce any compromised accounts.

If you worry that your account is currently logged into a device that you do not manage, check active sessions here.

If you are locked out of your account or domain, you can begin the process to regain access here.

ITSG urges all companies to use multi-factor authentication immediately, in addition to changing passwords for all domains they own. With MFA, a cyber attacker will also need something in the possession of you or another employee to gain access to your account.

With a managed WP Engine partner like IT Support Guys, companies can have all their security updates and plugins handled proactively. Managed WordPress means peace of mind.

Without ITSG’s Managed Microsoft 365 or Google Workspace plan, you may be missing the necessary monitoring of your domain registration and DNS records. With it, companies get secure domain registration, DNS records, MX records, and web hosting.

If you are interested in finding out more about IT Support Guys’ managed WordPress, Microsoft 365, or Google Workspace plans, get on a call with our Virtual CIO ASAP. Call us today at (855) 4IT-GUYS, or schedule an appointment with the vCIO today.