GoDaddy Breached - Plaintext Passwords - 1.2M Affected
www.wordfence.com
external-link
This morning, GoDaddy disclosed that an unknown attacker had gained unauthorized access to the system used to provision the company’s Managed WordPress sites, impacting up to 1.2 million of their WordPress customers. Note that this number does not include the number of customers of those websites that are affected by this breach, and some GoDaddy ...Read More

An attacker gained access to the provisioning system for GoDaddy’s managed WordPress service

@AgreeableLandscape
admin
link
102M

Wait, doesn’t Wordpress itself hash passwords? How the hell did they fuck this up?

@KelsonV
creator
link
42M

Apparently it was the database and sFTP passwords that were exposed.

@AgreeableLandscape
admin
link
42M

Doesn’t SSH hash passwords too?!

@KelsonV
creator
link
52M

Yeah…but it looks like they were storing the passwords to connect to the sFTP service!!

@AgreeableLandscape
admin
link
42M

Sigh. And the worst part is that nearly ever major web framework has a well known library for securely storing passwords.

@sibachian
link
52M

Honestly, no one should be using GoDaddy (or Bluehost, domain.com, etc). Ever. They’re only big and well known because of unethical practices. Use a local hosting company whenever possible (also usually much more affordable since they have to find ways to compete with the big names, and usually offer expert support since the server staff/owners themselves usually do the support due to limited funding).

@Echedenyan
link
12M

local companies more affordable

Say that to https://www.idecnet.com/ in the Canary Islands.

Not to make contrast with your general comment but to the idea that local = better.

Telefónica servers are also expensive.

@sibachian
link
22M

That doesn’t look local, looks more like a national company. But I don’t speak the language.

I meant specifically the typical local techie who runs an open source server solution for the local businesses and hobbyists.

@Echedenyan
link
1
edit-2
2M

Idecnet is a local company :3.

Some cloud services are allowed to be used by external people but a lot of their services are local.

art
link
52M

I warn everyone I know to avoid GoDaddy. Mostly because of their shady billing practices and their confusing proprietary management software. I guess poor security can be added to my list.

Subscribe to see more stories about technology on your homepage


  • 0 users online
  • 9 users / day
  • 69 users / week
  • 147 users / month
  • 522 users / 6 months
  • 4.09K subscribers
  • 1.95K Posts
  • 5.41K Comments
  • Modlog