In this article, we bring to your attention a data breach that has affected brands that resell GoDaddy Managed WordPress hosting. We aim to provide reassurance to our clients and give advice on what to do if you are affected by the breach as well as valuable tips that everyone should employ to help prevent hacks.
What has happened?
In an article by Ram Gall on Wordfence, it’s been revealed that on Monday, GoDaddy (US domain registrar and web hosting company) revealed that there had been a huge data breach, which impacted over 1.2 million customers. Wordfence received confirmation the following day from GoDaddy that multiple brands that resell GoDaddy Managed WordPress hosting had been impacted by the breach, including:
- tsoHost
- Media Temple
- 123Reg
- Domain Factory
- Heart Internet
- Host Europe
GoDaddy WordPress Hosting Data Breach
Dan Rice, who is VP of Corporate Communications at GoDaddy, is quoted in the article as saying “The GoDaddy brands that resell GoDaddy Managed WordPress are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost. A small number of active and inactive Managed WordPress users at those brands were impacted by the security incident. No other brands are impacted. Those brands have already contacted their respective customers with specific detail and recommended action.”
In communications via a Notice of Security Incident email to their customers, tsoHost revealed that on the 17th of November they had identified suspicious activity in their WordPress hosting environment and immediately sprang into action, acquiring the services of a third-party IT forensics team to help with their investigation and informing law enforcement of the activity.
Their ongoing investigation has uncovered that sometime around 6th September this year, a full 2 months prior to the breach being identified, an unauthorised third party gained access to authentication data, namely the customer number and email address associated with customer accounts, WordPress admin login, sFTP, database usernames and passwords. This effectively has given the hacker access to GoDaddy customer WordPress accounts and websites. With the potential for the hacker to change customer websites and the content stored on it.
Why do hackers do this?
We are asked this so often, what on earth do these people hope to gain? There can be any number of reasons why hackers decide to take the course of action that they do. In an article by cWatch, some of the common reasons for hacking, as given by hackers themselves, are: bragging rights, it’s a challenge, sabotage, blackmail, out of boredom, revenge, theft or financial gain, corporate espionage, vandalism, to lay inappropriate links to undesirable websites and extortion.
As a client of The Last Hurdle, am I affected by this breach?
No, we would like to reassure our clients that they are NOT affected in any way by this breach. We do not utilise GoDaddy or any of their brands. All our client websites are hosted on our own cloud-based servers.
What should I do if I am affected by this Data Breach?
First, follow the advice that will be given in the email notifying you of the data breach. This will likely be instructions on such necessities as how to reset your password.
Seek professional help!
If you have been affected, it’s vital to check your website for any changes that might have been made by a malicious third party. Take time to check every single detail on the front end of your site and ensure that it is correct and as it should be. Ask your web developer to scan your site for any malicious code to make sure that nothing untoward exists like unauthorised links to undesirable websites (e.g. porn, gambling and drug sites) and ask them to make changes if anything untoward is found.
Preventing hackers
Unfortunately, hackers are a part of the world in which we work in and whilst every endeavour is made to keep these people out of websites, they do best even the most secure of websites. With the likes of MI5, FBI, Sony, NHS, Apple and Amazon all having suffered hacks, what hope do us smaller fish have?
Actually, there is plenty you can do to help stay safe and secure. Here are our top tips to help prevent hacker access:
- If you have a WordPress website, install WordFence, these guys do a sterling job at alerting you of hack attempts and will limit login attempts.
- Add a CDN like Cloudflare which will help to prevent massive DOS attacks (that is where a website will be brought down due to hundreds of thousands of queries being made all at once) and adds another layer of security to your website.
- Change your username to less obvious ones and change your password to one that has 16 or more digits. In the case of this breach, it is highly advisable to change your database name and password too – your developer can do this for you.
- Make sure your WordPress plugins, themes and database are kept up to date, the vast majority of updates are to fix security holes!
- Avoid cheap, shared hosting!
- Engage with reputable website developers that will help keep your website and server space secure. Yes, that means a monthly maintenance fee!
- If employees leave, change passwords
- Enable 2-factor authentication, yes I know it’s a pain but the alternative is very expensive!
- Avoid accessing sensitive areas like your website or bank via public wi-fi. If you do need to, use a VPN. We like and use Cyberghost
- Make sure that your website is backed up to another area (not to the same server so please don’t use a backup plugin) on a regular basis. We do daily backups, but weekly is fine if you don’t make regular changes to your website, just know if you need to roll back a couple of versions you could lose the work done in between times.
- Don’t trust links in emails, always navigate direct to a website before logging in, far too many fake emails now look real, but the links will be spurious. If in doubt don’t click!
If you have found the information in this article, GoDaddy WordPress Hosting Data Breach, useful please do share it!
Author: Juliet Woodmason
2 Pennies Worth: Jules White