news GoDaddy discloses recent security breach !

[lovely4ever]

https://www.yahoo.com/now/godaddy-wordpress-security-issue-1-2-million-users-150142622.html​

.

 

[WGS_Thunder]

the 1 year chart is ugly IMO

 

[Future Sensors]

the 1 year chart is ugly IMO

It may be a buying opportunity. As a long-time platinum customer migrating away from GoDaddy with all my business, I have mixed feelings, because I'm also investing in the company. But my risk is spread over many different investments (including domains).

 

[labrocca]

There is still more information to become available. However, there are some key differences here between the breach of Epik and the breach of GoDaddy. Like response time, scope of the breach, fall-out, motivation and goals of the hacker(s), etc. I had a serious breach about 10 years ago, and the hacker(s) placed malicious code on the server to send out spam and collect email addresses. The hackers wanted to keep the hack incognito as this would allow them to exploit the server for as long as possible. This seems to be the case here. It is to GoDaddy's credit that they identified it so soon (it occurred on Nov 17) and responded fairly quickly.

Outcome is the same. Allowing a breach to be politicized so you can blame the company instead of the illegal act by the hackers is silly. Blaming the victim is ridiculous. Security is security and Epik got a lot of flack for their practices but I barely see anyone saying that Godaddy is responsible for this. Hackers target EVERYONE. If you have a weakness in your security they will find it. It shouldn't matter who the target is and practically doesn't matter what motivated the hackers either. Whether it's for money, politics, or the lulz. You get breached, you do your best, you move on. The Epik thread is like 100 pages. Godaddy hasn't even gotten a 2nd page thread. Just unreal.

 

[biro]

I am too lucky I transferred all my domains 1 month ago from gd, deleted my gd and afternic accounts

 

[MadAboutDomains]

Just waiting for the trolls to slander them because of their politics even though they had the best intentions and categorically will not have wanted to allow this to happen, just like they did to another service that had a hack recently...

Not going to happen. Vile vile people that pretend to be nice as pie but are worse than that which they purport to oppose.

 

[DN Playbook]

Oh really? If there are ''more information to become available'' how can you even say that there are ''key differences''?

But did you even read the article, linked in the header? It's clearly said that the first breach happened on Sept 6, and GoDaddy only made it public on Nov 22. Oh yeah, indeed it's different from Epik, who admitted it like the next day, I totally agree...

The rest is just pure speculation - ''the motivation and goals of hackers'' - who gives a shit? What does it has to do with an outcome? Breach is breach, damage is done to both. Should a person holding a portfolio with GoDaddy be more relieved, knowing hackers weren't inspired by GoDaddy top management's political views? Big difference for a domainer, indeed... You shouldn't even change the passwords, when it's GoDaddy, right?
Obviously, it was done to GoDaddy for greater good, but to Epik because of ''...evil Rob Monster!!!...''.

You're right. A breach is a breach and causes harm of varied degrees to the customer. The key questions that should be asked is when was the provider aware of the breach, what was the scope, what was or is the response, was the provider aware of security holes and when and what did they do about it at the time.

And I should have written the breach was identified on Nov 17. It did indeed occur on Sept 6 as per reports so far presented. The investigation is ongoing.

 

[Future Sensors]

GoDaddy now owns the company that invented Managed WordPress

November 11, 2021

https://www.techradar.com/news/godaddy-now-owns-the-company-that-invented-managed-wordpress

https://aboutus.godaddy.net/newsroo...etails/2021/Pagely-joins-GoDaddy/default.aspx

 

[Future Sensors]

 

[Future Sensors]

Source: https://wptavern.com/godaddy-data-b...d-inactive-managed-wordpress-hosting-accounts

 

[Future Sensors]

Why GoDaddy Data Breach Of +1 Million Clients Is Worse Than Described

GoDaddy Managed WordPress hosting customers suffered a data breach. Passwords have been reset but effects may still be persist.

Over one million GoDaddy hosting customers suffered a data breach in September 2021 that went unnoticed for two months. GoDaddy described the security event as a vulnerability. Security researchers indicate that the cause of the vulnerability was due to inadequate security that did not meet industry best practices.

Read more:

https://www.searchenginejournal.com/why-godaddy-data-breach-of-1-million-clients-is-worse-than-described/428032/

 

[aelko]

On October 23rd, I received an email from GoDaddy. They wrote that someone entered my account from a new location or device.

I have a unique password on GoDaddy because I used to have domains there.

It really excited me then. Because I thought someone was gaining access to my encrypted password database.

 

[Future Sensors]

GoDaddy Breach Widens to Include Reseller Subsidiaries

Customers of several brands that resell GoDaddy Managed WordPress have also been caught up in the big breach, in which millions of emails, passwords and more were stolen.

The GoDaddy breach affecting 1.2 million customers has widened – it turns out that various subsidiaries that resell GoDaddy Managed WordPress were also affected.

The additional affected companies are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost.

Read more:

https://threatpost.com/godaddy-breach-widens-reseller-subsidiaries/176575/

 

[Windoms]

It's crazy to see the effect of basic communication when it comes to mitigating damage.

No one wants their domain at a registrar which is targeted by hackers and government agencies of all sorts because of their practice (being a haven for undesirable websites).

Had it been a very large and established company, some straightforward PR and security measures would have mitigated the damage

 

[VRdommy]

Data and security are two words that should never be used together to mean anything.

Those of you who have asked if you should change your passwords... yes, don't be stupid.
In fact I would change them now and again in 6 months.
Don't use the same ones you use on other sites, or even throughout a site. hackers know humane habits.
Create a cheat sheet to remember them if you must.

I have always been weary of any system or method that allows others to store my passwords.
Any sitting data is hackable, so, place as few bits of it in the hands of others as you can for when, not if it happens.

We may only be 5 - 10 years away from super computers cracking all present forms of encryption, so, it's only a matter of time before that is in the hands of state sponsored hacks. Many are storing data they can't crack yet with the idea of doing it at that time. Add extra digits to your existing passwords yearly may help some.

But on the surface of this hack, you may have only prevented it by doing your own hosting and security.
Sometimes the easy cheap has a price you do not see.

You can back-up your WP and DB's easy enough and move them to a new host.
GD is a big target because of the number of users it has.... JACKPOT !

Data security only exists in the voices of those who wish to liberate you of money.
Does it give you a warm fuzzy feeling ? LOL

Just try not to make it easy for them !

 

[DN Playbook]

But on the surface of this hack, you may have only prevented it by doing your own hosting and security.
Sometimes the easy cheap has a price you do not see.

Indeed. Using shared hosting, even vps, carries risks when someone on the same server or network behaves poorly. The reason so many users are using those services is because they are cheap. Running your own hosting is expensive and requires knowledge of server management.

GoDaddy is a target because of their size. Risk to payload ratio is very low for nefarious hackers. You also have to take into account that Wordpress is the most attacked and hacked open source CMS because people simply don't bother or don't know how to secure their WP sites. Often a user will install the basic WP installation on a site and forget about it for a while.

 

[redemo]

So Godaddy did have a major breach and the P.R. teams did an effective job at burying it?

 

[Windoms]

So Godaddy did have a major breach and the P.R. teams did an effective job at burying it?

They didn't do much effort, just a straightforward press release from what I understand.
Standard procedure.
It works when you have nothing to worry about.

 

[redemo]

I've never used Epik but I don't understand all the negativity towards Epik and none towards Godaddy? I guess one has more money and clout than the other. That's just how the world works, unfair but sadly true. Anyway it's Christmas. Who's having a turkey?

 

[Future Sensors]

GoDaddy took weeks to revoke compromised certificates, not hours.​

Web hosting service provider and domain registrar GoDaddy failed to meet a strict 24-hour deadline to revoke digital certicates compromised in a November hack, taking 14 days instead to cancel them.

Read more:

https://www.itnews.com.au/news/godaddy-took-weeks-to-revoke-compromised-certificates-573870

 

[DN Playbook]

I've never used Epik but I don't understand all the negativity towards Epik and none towards Godaddy? I guess one has more money and clout than the other. That's just how the world works, unfair but sadly true. Anyway it's Christmas. Who's having a turkey?

That's part of it. But mostly because the hackers of Epik chose to publicly dump the data in multiple dumps over time. And the past public political extremist position of the company's CEO which motivated the hack in the first place. Also RM revealing that the registrar code is old, shitty, and outdated. That didn't help matters. IMHO, registrars are not the best at hosting. Stay away from cheap hosting. Unless its for a personal non-essential site.