GoDaddy isn't the only web hosting firm caught up in mega breach

News
By last updated

Several other resellers also impacted

GoDaddy logo
(Image credit: Shutterstock/Postmodern Studio)

The recent GoDaddy breach that impacted more than 1.2 million users isn’t limited just to that web hosting company, but affected a whole slew of resellers.

A day after the breach occured, the company announced how tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe were also all affected.

GoDaddy VP of Corporate Communications Dan Race, told TechRadar Pro, "The GoDaddy brands that resell GoDaddy Managed WordPress are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost. A small number of active and inactive Managed WordPress users at those brands were impacted by the security incident. No other brands are impacted. Those brands have already contacted their respective customers with specific detail and recommended action."

Wider impact

While tsoHost, 123Reg, Domain Factory, Heart Internet, and Host Europe were bought out by GoDaddy in 2017, Media Temple was acquired back in 2013. 

Both Media Temple and tsoHost have already begun sending out emails to warn  users of the data breach.

It seems that all of the impacted hosting providers use the same URL, starting with https://myh.secureserver.net/#/hosting/mwp/v1/ for provisioning, account management, and configuration of their Managed WordPress offers. What’s more, they store sFTP passwords which can then be found, in plaintext.

As per the earlier report, a malicious actor used a compromised password to access GoDaddy’s database sometime around September 6. It took GoDaddy more than a month to spot the intrusion, as it said it discovered the breach on November 17.

The 1.2 million active and inactive users that were compromised in this attack have had their email addresses and customer numbers exposed, the company further said. It warned that these sites were at additional danger of possible phishing attacks, and said that the original WordPress admin password, which gets created with the first installation of WordPress, is also exposed. Meaning, if the webmasters fail to change the “factory” password, their websites could be in particular danger.

GoDaddy has more than 20 million customers worldwide.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
GoDaddy logo
GoDaddy told to up security practices by FTC
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
Thousands of WordPress websites hit in new malware attack, here's what we know
Wordpress brand logo on computer screen. Man typing on the keyboard.
Thousands of WordPress sites targeted with malicious plugin backdoor attacks
Suitcase next to a bed in a hotel
Millions of hotel users see personal info checked out in huge data leak
vpn
Nominet says it was hit by cyberattack following recent Ivanti VPN security issue
A man looking at a tablet with a brown Best Buy package on the desk in front of him
Huge Christmas data breach - 14 million shipping records leaked, putting shoppers at risk
Latest in Security
NordProtect logo
Standalone identity theft protection from Nord Security is now available
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
Ofcom cracks down on UK tech firms, will issue sanctions for illegal content
3d rendering of a submarine power cable on the seabed
Subsea internet cables can now ‘listen’ for sabotage using irregular pulses of light
Dark Web monitoring
A worrying critical security flaw in Apache Tomcat could let hackers take over servers with ease
A graphic showing someone on a tablet working through a supply chain.
Security issue in open source software leaves businesses concerned for systems
ransomware avast
One of the most powerful ransomware hacks around has been cracked using some serious GPU power
Latest in News
A woman sitting in a chair looking at a Windows 11 laptop
Microsoft is supercharging Windows 11’s voice commands on Copilot+ PCs with Snapdragon CPUs, and fine-tuning a few Recall features
MacBook Air M4
Apple's rumored foldable iPad tipped to launch sooner than expected with an exciting software twist
A phone displaying the Google Messages logo
Google Messages could finally be getting this WhatsApp-style group chat feature
The Future Games Show Spring Showcase
The Future Games Show returns this week for its Spring Showcase, here's how to watch and what games to expect
NordProtect logo
Standalone identity theft protection from Nord Security is now available
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
Ofcom cracks down on UK tech firms, will issue sanctions for illegal content
More about security
NordProtect logo

Standalone identity theft protection from Nord Security is now available
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X

Ofcom cracks down on UK tech firms, will issue sanctions for illegal content

Dark Web monitoring

A worrying critical security flaw in Apache Tomcat could let hackers take over servers with ease
See more latest
Most Popular
Dark Web monitoring
A worrying critical security flaw in Apache Tomcat could let hackers take over servers with ease
A phone displaying the Google Messages logo
Google Messages could finally be getting this WhatsApp-style group chat feature
MacBook Air M4
Apple's rumored foldable iPad tipped to launch sooner than expected with an exciting software twist
The Future Games Show Spring Showcase
The Future Games Show returns this week for its Spring Showcase, here's how to watch and what games to expect
Apple iPhone 16 Plus Review
Apple expert just tipped a load of iPhone 17 upgrades: here are 7 things we’ve learned
A woman sitting in a chair looking at a Windows 11 laptop
Microsoft is supercharging Windows 11’s voice commands on Copilot+ PCs with Snapdragon CPUs, and fine-tuning a few Recall features
Nvidia GTC 2024
Nvidia GTC 2025 - all the news and updates from Jensen Huang keynote as it happens
NordProtect logo
Standalone identity theft protection from Nord Security is now available
Nintendo Gamecube
Rumors about a GameCube controller for Switch 2 flare up again, this time thanks to evidence from Nintendo itself
PS5 Pro feature
New Playstation studio is helmed by veteran Call of Duty dev and has been 'working away in the shadows'