The GoDaddy data breach, which affected as many as 1.2 million web hosts, has expanded to another six web hosts serving customers worldwide. The other six infected web hosts are resellers of GoDaddy hosting services. The level of intrusion seems to be the same as GoDaddy, and the date the security intrusion started matches.
The six infected web hosting service providers are:
- 123Reg
- Domain factory
- Heart Net
- Host Europe
- Media sanctuary
- Host
advertise
Keep reading below
Precise date of invasion
California issued a security breach notification submitted by GoDaddy on November 23, 2021.
In the California notice, GoDaddy provided a specific date for the security breach.
Date of invasion:
- 09/06/2021
- 09/07/2021
- 09/08/2021
- 09/09/2021
- 09/10/2021
- 09/11/2021
- 11/07/2021
These dates are important because, according to information released by Wordfence, customers of at least two hosting providers have received notifications citing the same intrusion date, which is September 6, 2021. This means that the root causes of additional data breaches are interrelated, if not more, at least on the date.
advertise
Keep reading below
The notifications sent to GoDaddy customers and at least two additional web hosts are similar.
This is part of the email sent to GoDaddy customers:
“We are writing to notify you that a security incident has occurred that affects your GoDaddy managed WordPress hosting service.
On November 17, we discovered suspicious activity in the WordPress hosting environment, and immediately started an investigation with the help of a third-party IT forensics company, and contacted law enforcement.
Our investigation is still ongoing, but we have determined that on or around September 6, 2021, unauthorized third parties obtained access to certain authentication information used to manage the service, especially with your The customer number and email address associated with the account; the WordPress administrator login you set up at the beginning; and your sFTP and
Database user name and password.This means that an unauthorized party can gain the ability to access your hosted WordPress service and make changes to it, including changing your website and the content stored in it. “
Notifications sent to GoDaddy customers are similar to email notifications sent to MediaTemple customers.
This is part of the email sent to MediaTemple customers:
“…We have determined that on or around September 6, 2021, unauthorized third parties obtained certain identity verification information used to manage the service, especially the customer number and email associated with your account Address; the WordPress administrator login you set up at the beginning; and your sFTP and database username and password.”
The administrators of each virtual host have reset their passwords and advise customers to reset their passwords. Those whose SSL certificate data is exposed may have to reinstall their certificates.
advertise
Keep reading below
Is the customer facing a website that may be hacked?
Customers of the other six web hosting service providers affected by the data breach may face the possibility of further security issues because their sensitive data has been exposed for two months without being discovered, allowing hackers time to install backdoors, add rogue management accounts and Upload malicious scripts.



