Was Godaddy Really Hacked? - Contento Interactive Group LLC

Whenever I receive an email stating that one of my accounts was hacked and to ‘click here’ to reset the password, my first thought is that it’s a phishing scam. In this case, however, Godaddy appears to have been hacked.

Godaddy Notifies Customers of Security Breach

According to the email they sent out:

“We recently identified suspicious activity in our WordPress hosting environment and immediately began an investigation with the help of a third-party IT forensics firm and have contacted law enforcement. Our investigation is ongoing, but we have determined that, on or about September 6, 2021, an unauthorized third party gained access to certain authentication information for administrative services, specifically, your customer number and email address associated with your account; your WordPress Admin login set at inception; and your sFTP and database usernames and passwords. What this means is the unauthorized party could have obtained the ability to access your Managed WordPress service and make changes to it, including to alter your website and the content stored on it. The exposure of your email address may also present a heightened risk of phishing attacks.”
Tweet

Is the Email Sender Legit?

Whenever you receive an email like this, be sure to check the actual from address – if it’s a scam, it will have a scammy-looking email address. Note, in some email clients an alias shows up in the ‘from’ field – hover over the alias to see the actual email address.

Avoid Clicking Links in Emails, Go to the Source

Once you confirm that it is a valid email, you’ll want to take any actions listed in the emails. Even if it appears legit, I would NOT click on any links in the email itself. Go to the business’s website, log in to your account and take the necessary steps from there. If you don’t know what to do after logging in, use the chat/support link within your account to ask for help.

Reset Your Passwords

Godaddy goes on to say…

Second, we have reset your WordPress Admin login credentials, sFTP password and your database password. Your website is still up and running, but you won’t be able to edit content until you reset your passwords.
Tweet

Resetting your passwords is straightforward enough. Godaddy has a number of step-by-step guides to assist you if you aren’t sure how. Then be especially aware of phishing and spam emails landing in your inbox. Scrutinize every email and always avoid clicking links in emails when possible. If you’re unsure of an email being legit, copy the subject line into a new google search, or on snopes.com and see if that email has already been identified as a scam.

Learn more about the Godaddy Hack

If you’d like to look into Godaddy’s security incident further, check out these resources:

Domain Registrar GoDaddy Breached, Attackers Trick Employees Into Transferring Ownership of Cryptocurrency Sites | CPO Magainze
https://www.cpomagazine.com/cyber-security/domain-registrar-godaddy-breached-attackers-trick-employees-into-transferring-ownership-of-cryptocurrency-sites/
GoDaddy just realized it was hacked months ago | Mashable
https://mashable.com/article/godaddy-hack-customer-data
GoDaddy Hacked, 1.2M Customers at Risk of Phishing Attack | PC Magazine
https://www.pcmag.com/news/godaddy-hacked-12m-customers-at-risk-of-phishing-attack

Need Help Securing Your Godaddy Managed WordPress Hosting Account?

Contact Contento Interactive Group and we’ll help you reset the passwords including your database credentials.