The data leak that GoDaddy failed to detect for two months has also impacted six of its subsidiaries. This means the breach was worse than first thought, and many were vulnerable for at least the past two months.
The six impacted hosting providers are—123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple, and tsoHost. The fact that the same breach affected all of them becomes evident by looking at intrusion dates.
At least two of the listed companies warned customers of intrusions that lined up with the dates of breaches into GoDaddy’s network.
In its initial statement, GoDaddy said the incident affected 1.2 million active and inactive managed WordPress accounts. The breach exposed account owners’ email addresses, original admin passwords, and customer numbers, putting them at risk of phishing and intrusion.
With six additional providers compromised, there’s no telling where the number of victims now stands. GoDaddy has gone about resetting passwords and issuing new SSL certificates, but its subsidiaries are still determining the best course of action.
Getting Ahead
Initial reports pointed out there was possibly more to the breach.
Despite the new information, caution is still urged. There could be even more, as GoDaddy’s investigation is ongoing.
GoDaddy is one of the biggest domain registrars in the world that later branched out into hosting. Right now, it is the largest web hosting provider by market share, but it owns a plethora of other hosting providers. It acquired tsoHost, a good hosting choice in the UK, back in 2016 in a bid to expand in the European hosting market.
This breach is particularly troubling given what the afflicted GoDaddy companies specialize in. While they’re mostly WordPress hosting solutions, they are also widely used for WooCommerce specifically. This means monetary transactions and sensitive information are potentially at risk.
So far, GoDaddy hasn’t been able to tell who the hackers are or what exactly they were doing. It may be a while until it reveals this information.
Garan is a writer interested in how tech reshapes the environment, and how the environment reshapes tech. You'll usually find him inoculating against future shock and arguing with bots.
