GoDaddy breach widens to include reseller subsidiaries
123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple, and tsoHost also affected
The recent GoDaddy breach which affected 1.2 million customers has now widened to include subsidiaries that resell the firm’s Managed WordPress offering.
The hosting company has revealed that the companies are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost.
GoDaddy confirmed to Wordfence that several of the resellers’ customers have been affected by the attack, which is said to have exposed email addresses, customer numbers, administrative login details, and even SSL private keys since it began.
The hosting giant stopped short of confirming how many additional users have now been affected, however.
“The GoDaddy brands that resell GoDaddy Managed WordPress are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple, and tsoHost,” Dan Rice, vice president of corporate communications at GoDaddy, revealed to Wordfence.
“A small number of active and inactive Managed WordPress users at those brands were impacted by the security incident. No other brands are impacted. Those brands have already contacted their respective customers with specific detail and recommended action.”
As reported by our sister website ITPro, GoDaddy revealed in a public filing to the SEC that an intruder had gained entry to its Managed WordPress hosting environment on Nov 17, having used a stolen password to access the provisioning system for the service.
Channel Pro Newsletter
Stay up to date with the latest Channel industry news and analysis with our twice-weekly newsletter
The company disclosed that up to 1.2 million active and former users of its managed service had their email addresses and company numbers exposed. It also had to reset passwords after sFTP and database usernames and passwords were also stolen.
Additionally, GoDaddy is currently issuing new certificates for a “subset of active customers” that had their SSL private keys exposed.
It was also discovered that the attacker had been inside the system since September 6, equating to more than two months of access to the data.
"We are sincerely sorry for this incident and the concern it causes for our customers," the company said in its filing. "We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down.
“We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection."
Dan is a freelance writer and regular contributor to ChannelPro, covering the latest news stories across the IT, technology, and channel landscapes. Topics regularly cover cloud technologies, cyber security, software and operating system guides, and the latest mergers and acquisitions.
A journalism graduate from Leeds Beckett University, he combines a passion for the written word with a keen interest in the latest technology and its influence in an increasingly connected world.
He started writing for ChannelPro back in 2016, focusing on a mixture of news and technology guides, before becoming a regular contributor to ITPro. Elsewhere, he has previously written news and features across a range of other topics, including sport, music, and general news.