The recent GoDaddy breach that impacted more than 1.2 million users isn’t limited just to that web hosting company, but affected a whole slew of resellers.
A day after the breach occured, the company announced how tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe were also all affected.
As reported by Wordfence, GoDaddy VP of Corporate Communications, Dan Rice, said: “A small number of active and inactive Managed WordPress users at those brands were impacted by the data loss incident. No other brands are impacted. Those brands have already contacted their respective customers with specific detail and recommended action.”
While tsoHost, 123Reg, Domain Factory, Heart Internet, and Host Europe were bought out by GoDaddy in 2017, Media Temple was acquired back in 2013.
Both Media Temple and tsoHost have already begun sending out emails to warn users of the data breach.
It seems that all of the impacted hosting providers use the same URL, starting with https://myh.secureserver.net/#/hosting/mwp/v1/ for provisioning, account management, and configuration of their Managed WordPress offers. What’s more, they store sFTP passwords which can then be found, in plaintext.
As per the earlier report, a malicious actor used a compromised password to access GoDaddy’s database sometime around September 6. It took GoDaddy more than a month to spot the intrusion, as it said it discovered the breach on November 17.
The 1.2 million active and inactive users that were compromised in this attack have had their email addresses and customer numbers exposed, the company further said. It warned that these sites were at additional danger of possible phishing attacks, and said that the original WordPress admin password, which gets created with the first installation of WordPress, is also exposed. Meaning, if the webmasters fail to change the “factory” password, their websites could be in particular danger.
GoDaddy has more than 20 million customers worldwide.