GoDaddy isn't the only web hosting firm caught up in mega breach

GoDaddy logo
(Image credit: Shutterstock/Postmodern Studio)

The recent GoDaddy breach that impacted more than 1.2 million users isn’t limited just to that web hosting company, but affected a whole slew of resellers.

A day after the breach occured, the company announced how tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe were also all affected.

GoDaddy VP of Corporate Communications Dan Race, told TechRadar Pro, "The GoDaddy brands that resell GoDaddy Managed WordPress are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost. A small number of active and inactive Managed WordPress users at those brands were impacted by the security incident. No other brands are impacted. Those brands have already contacted their respective customers with specific detail and recommended action."

Wider impact

While tsoHost, 123Reg, Domain Factory, Heart Internet, and Host Europe were bought out by GoDaddy in 2017, Media Temple was acquired back in 2013. 

Both Media Temple and tsoHost have already begun sending out emails to warn  users of the data breach.

It seems that all of the impacted hosting providers use the same URL, starting with https://myh.secureserver.net/#/hosting/mwp/v1/ for provisioning, account management, and configuration of their Managed WordPress offers. What’s more, they store sFTP passwords which can then be found, in plaintext.

As per the earlier report, a malicious actor used a compromised password to access GoDaddy’s database sometime around September 6. It took GoDaddy more than a month to spot the intrusion, as it said it discovered the breach on November 17.

The 1.2 million active and inactive users that were compromised in this attack have had their email addresses and customer numbers exposed, the company further said. It warned that these sites were at additional danger of possible phishing attacks, and said that the original WordPress admin password, which gets created with the first installation of WordPress, is also exposed. Meaning, if the webmasters fail to change the “factory” password, their websites could be in particular danger.

GoDaddy has more than 20 million customers worldwide.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.