IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

GoDaddy breach widens to include reseller subsidiaries

123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple, and tsoHost also affected

Open padlock on circuit board

The recent GoDaddy breach which affected 1.2 million customers has now widened to include subsidiaries that resell the firm’s Managed WordPress offering. 

The hosting company has revealed that the companies are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost.

GoDaddy confirmed to Wordfence that several of the resellers’ customers have been affected by the attack, which is said to have exposed email addresses, customer numbers, administrative login details, and even SSL private keys since it began. 

The hosting giant stopped short of confirming how many additional users have now been affected, however. 

“The GoDaddy brands that resell GoDaddy Managed WordPress are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple, and tsoHost,” Dan Rice, vice president of corporate communications at GoDaddy, revealed to Wordfence. 

“A small number of active and inactive Managed WordPress users at those brands were impacted by the security incident. No other brands are impacted. Those brands have already contacted their respective customers with specific detail and recommended action.”

As reported by our sister website ITPro, GoDaddy revealed in a public filing to the SEC that an intruder had gained entry to its Managed WordPress hosting environment on Nov 17, having used a stolen password to access the provisioning system for the service. 

The company disclosed that up to 1.2 million active and former users of its managed service had their email addresses and company numbers exposed. It also had to reset passwords after sFTP and database usernames and passwords were also stolen. 

Additionally, GoDaddy is currently issuing new certificates for a “subset of active customers” that had their SSL private keys exposed.

It was also discovered that the attacker had been inside the system since September 6, equating to more than two months of access to the data.

"We are sincerely sorry for this incident and the concern it causes for our customers," the company said in its filing. "We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. 

“We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection."

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Centreon to increase UK channel investment by 300% over the next year
IT infrastructure

Centreon to increase UK channel investment by 300% over the next year

26 May 2022
Accelerating security and success for MSPs with automation
Sponsored

Accelerating security and success for MSPs with automation

25 May 2022
Schneider Electric unveils Grid Operations Platform as a Service on Microsoft Azure
cloud computing

Schneider Electric unveils Grid Operations Platform as a Service on Microsoft Azure

24 May 2022
T-Mobile unveils new 5G Advanced Network Solutions
Network & Internet

T-Mobile unveils new 5G Advanced Network Solutions

24 May 2022

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Europe's first autonomous petrol station opens in Lisbon
automation

Europe's first autonomous petrol station opens in Lisbon

23 May 2022
Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers
ransomware

Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers

26 May 2022