Mega Breach: GoDaddy isn’t the only hosting site hit

Not only was GoDaddy hacked in late April, affecting over 1.2 million customers, but the recent breach has impacted a slew of resellers as well.

On the next day, TsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe were all identified as being compromised.

According to Wordfence, GoDaddy VP of Corporate Communications, Dan Rice, said:“A small number of active and inactive Managed WordPress users at those brands were impacted by the data loss incident. No other brands are impacted. Those brands have already contacted their respective customers with specific detail and recommended action.”

More people are affected.

In 2017, GoDaddy acquired tsoHost, 123Reg, Domain Factory, Heart Internet, and Host Europe; however, Media Temple was bought back in 2013. Both Media Temple and tsoHost have already started emailing users to notify them of the data breach.

The impacted hosting companies appear to all use the same URL, which starts with https://myh.secureserver.net/#/hosting/mwp/v1/. Furthermore, they keep sFTP passwords in plaintext, which may be viewed by anyone who knows where to look.

According to the prior news, a malicious hacker gained access to GoDaddy’s database between September 6 and November 17, using a stolen password. It took GoDaddy more than a month to find the breach, as it revealed it on November 17.

The 1.2 million active and inactive users affected in the breach have had their email addresses and client numbers exposed, according to Equifax.

These websites were said to be at greater risk of possible phishing attacks, and the original WordPress admin password, which is established with the first WordPress installation, was revealed. This means that if the webmasters don’t change the “factory” password, their sites could be in danger.

More than 20 million people use GoDaddy every day.