Is your WordPress Website Hosted on GoDaddy? Then Your Passwords Have been Stolen
Last week GoDaddy announced a major security breach affecting over a million customers, and if you’re one of them then there are some urgent actions to take as the people who made this breach have your logon details.
GoDaddy is a popular web hosting company and has been around since the 1990s where it initially was just a place to host websites, it then became popular selling domain names and has since grown to a huge company with over $3billion of revenues and offers a wide range of internet services.
One of their services is that you can host a WordPress website, WordPress is a very popular system being very adaptable with a large range of plugins and powers a third of all websites. A powerful system combined with GoDaddy’s ease to setup you can see why a lot of people use it.
Last week GoDaddy announces a hacker breached their WordPress system in early September, it’s believed they used a compromised password. The hacker was identified and kicked out in the middle of November but during the time of access they had access to 1.2 million WordPress hosted customers, specifically they could access email addresses, original WordPress admin password and other usernames and passwords.
How many local Chichester Businesses are included in this?
If you host your website with GoDaddy don’t panic, you may not have been affected, you would have been contacted by email and had your passwords reset. We have a website hosted with them and got the email (screenshot below) but found our passwords weren’t reset, so make sure you reset them all yourselves, and even if you didn’t receive the email, it’s worth changing passwords regularly and remembering to not re-use passwords for different logins.
A Password Manager is critical to achieving this
If you have been breached there are a couple of risks to protect yourself from.
Firstly, there is likely to be an increased risk of phishing emails, this is where a criminal will send an email pretending to be someone else to make you click a bad link which will lead to them taking control of your device or transfer your money to them. Now they know your email and some details about you, expect them to be very targeted and harder to spot than usual.
The second is a greater risk and that is they can log on and make changes to your website, they may have put malicious files there so anyone who visits your website could get compromised yourself.
How would your reputation hold out if your website visitors are compromised or their security software detects a problem?
To play it safe we recommend these urgent steps
- Change all admin passwords to the website
- Check no new admins have been setup, if they have then remove them immediately
- Enable Multi-Factor Authentication
- Perform a security review of your site
A breach can happen to anyone, even you.
We believe that with the current rate of cybercrime its inevitable a breach will occur to every company at some point, it’s not about whether you are breached but how you deal with it. GoDaddy didn’t really make a big deal about this breach on their website and the email they sent out was very tame and easy to miss or ignore, so we think more could have been done to make people aware, not performing the password reset was also a poor show.
If you are a Chichester, West Sussex or Hampshire based company then we recommend working with a local company who treat incidents like this seriously, JBS Print are an amazing company to work with and can be found at www.jbsprint.co.uk/services
If you are worried or need some Cyber Security assistance then reach out to our team to see how we can help. Or watch our demonstrating how hackers work with our Hackers Toolkit video
