GoDaddy recently announced they had suffered a massive data breach on its Managed WordPress service. It affected a whopping 1.2 million of its customers, and it isn’t the first time. This is GoDaddy’s third major data breach in four years. It’s safe to say, your data and your website aren’t safe with them.
In the Securities and Exchange Commission (SEC) filing on 22nd November 2021, GoDaddy said they had detected “unauthorized third-party access” to their “Managed WordPress hosting environment.” They also stated that they first detected the data breach on the 17th November 2021 but that the unauthorised access had been ongoing since the 6th September 2021. That is over 2 months of unauthorised access to over a million customers’ websites and data. If you think 2 months is bad, you’re right. But it’s not the worst. GoDaddy suffered another data breach in October 2019. And they didn’t find the breach till May 2020. You have to ask, when these breaches do happen, why aren’t they finding them sooner?
The GoDaddy data breach is worse than they make out.
GoDaddy’s statement announced that they changed all the passwords for those customers who were affected. This is a reasonable thing to do, but to then pretend that all is good is just wrong. Resetting passwords on its own doesn’t do anything to deal with the aftermath of unauthorised WordPress access. The hackers could have left behind malware or viruses. They could have edited websites to act in a malicious way to spread malware or viruses.
That leaves potentially over a million customers with issues with their website. Their websites could still be prone to security risks and further unauthorised access. In our experience, most WordPress hackers will leave a backdoor so they can get back in even after passwords have been reset. We know this from our experience working on projects where the site had been hacked before they became a client.
In my opinion, GoDaddy are skirting their responsibility and should be publicly offering to work with every customer to ensure their website is secure. This is their third data breach in four years which just shows they aren’t doing anywhere near enough to protect their customers.
In reality, it has affected many more than 1.2 million businesses.
GoDaddy’s statement says that just 1.2 million businesses are affected by the data breach which has affected their managed WordPress hosting. In reality, this is much higher. The hackers would have had database access for 2 months, meaning they could have accessed the personally identifiable information of potentially millions more customers of any e-commerce websites affected by the data breach. And as mentioned above, they could still have access, meaning they could keep getting more data.
The knock-on effect of this breach could go on for a long time. At the very least, millions have had their emails leaked so are now at increased risk of phishing and targeted spam. With passwords also being leaked, many other sites could be compromised too. All it takes is for the customer to use the same credentials on another site and that’s then compromised.
How should GoDaddy fix it?
It’s too late to fix it. The data is already out there. But the least they can do is make sure every website is clean again. They need to run full WordPress security audits on every site. They need to check for back-doors left behind by hackers. Compromised databases will need restoring back to the way they were. Malicious files will need removing. Rogue administrator accounts will need deleting. Not doing all of this is just negligent in my opinion. It’s the minimum they should do.
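To make two of those checks concrete, here is a first-pass audit sketch. It is an added example, not GoDaddy’s or ADB Web Designs’ tooling. It flags administrator accounts registered during the 6th September to 17th November 2021 window and PHP files sitting in the uploads folder. The sample rows and the `wp_support` login are constructed, and the default `wp_` table prefix is assumed.

```python
import os
from datetime import datetime, timezone

# Exposure window from the SEC filing quoted above (6 Sept to 17 Nov 2021).
WINDOW_START = datetime(2021, 9, 6, tzinfo=timezone.utc)
WINDOW_END = datetime(2021, 11, 17, 23, 59, 59, tzinfo=timezone.utc)

# Constructed sample rows, shaped like wp_users and wp_usermeta exports.
SAMPLE_USERS = [
    (1, "siteowner", "2019-03-02 10:15:00"),
    (7, "wp_support", "2021-10-01 03:12:44"),
    (8, "newcustomer", "2021-10-05 14:00:00"),
]
SAMPLE_USERMETA = [
    (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (7, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (8, "wp_capabilities", 'a:1:{s:8:"customer";b:1;}'),
]

def admins_created_in_window(users, usermeta):
    """Logins of administrator accounts registered inside the exposure window."""
    admin_ids = {uid for uid, key, value in usermeta
                 if key.endswith("capabilities") and '"administrator"' in value}
    flagged = []
    for uid, login, registered in users:
        # WordPress stores user_registered in UTC as "YYYY-MM-DD HH:MM:SS".
        ts = datetime.strptime(registered, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        if uid in admin_ids and WINDOW_START <= ts <= WINDOW_END:
            flagged.append(login)
    return flagged

def php_in_uploads(wp_root):
    """PHP-type files under wp-content/uploads, a directory that normally holds media."""
    uploads = os.path.join(wp_root, "wp-content", "uploads")
    hits = []
    for dirpath, _dirs, files in os.walk(uploads):
        for name in files:
            if name.lower().endswith((".php", ".phtml", ".phar")):
                hits.append(os.path.relpath(os.path.join(dirpath, name), wp_root))
    return sorted(hits)

if __name__ == "__main__":
    print("Admins to review:", admins_created_in_window(SAMPLE_USERS, SAMPLE_USERMETA))
```

Anything flagged is a candidate for review, not proof of compromise. Someone with database access can alter registration dates, so an empty result does not replace a full audit.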
For those affected by the GoDaddy data breach, what should you do next?
So, if you did suffer from the GoDaddy WordPress Data Breach, what should you do next? Honestly, the answer is pretty simple. Move your WordPress websites away from GoDaddy. This isn’t the first time they have lost customer data. And it certainly won’t be the last. So where can I host my website you ask? Well, you can host it with us at ADB Web Designs. We are reliable, trustworthy, and as it’s my own small business, you’ll know I care. I’ll help make sure that your website is free of any malware or unauthorised access once it’s on my servers. I’ll then secure your site with two-factor authentication as well as putting further security in place.
When your website is with us, you can rest assured you’ll get much better customer service and my dedication. So not only will your website be safer, it will also probably be cheaper too and with much better support. If your website were to suffer a data breach, we wouldn’t just reset your password and leave you to it. We’d get you back up and running after checking every inch of your website to ensure it’s clean.
Did you lose your data in the data breach? Are you worrying that your website is still at risk? Are you worrying that it will happen again? If the answer is yes to any of these questions, you know what you have to do. Get in contact with ADB Web Designs today and we’ll help you out.