Do you have domains registered with GoDaddy? It has been hacked

The largest Internet domain registration company in the world has suffered a very serious hack. It is the largest ICANN-accredited organization in the world, with tens of millions of registered domains. In this very worrying incident, the company has acknowledged that hackers had been inside its network for more than two months.

The company reported that on November 17 it discovered that cybercriminals had been on its network since September 6, 2021, so they were inside for about 10 weeks. In that time, they got hold of the emails and customer numbers from 1.2 million WordPress pages, grabbing the emails and passwords from those databases. Additionally, they accessed all active user SSL and TLS private keys.

1.2 million GoDaddy accounts hacked

Among the passwords that have been accessed, GoDaddy acknowledges that all the administrator passwords sent by default when an account is created have been exposed. Thus, if you have not changed that default password, the hackers now have it in their possession and can access your account. These passwords are normally sent in plain text by email, so they were not encrypted.

Typically, when hackers obtain encrypted passwords, recovering them in plain text is a process that can take days, months or years, and they may never manage to decrypt them at all. However, if the passwords are accessible in plain text, they can start causing chaos right away.

For this reason, GoDaddy has reset all the affected passwords and is in the process of replacing all the stolen web certificates with new ones. It is also contacting the 1.2 million affected users, although after two months on its network, it is possible that the attackers have already caused serious problems on many websites managed with WordPress.

Thus, a hacker with access to the sFTP password can download all the content of a website, modify the existing content and install malicious plugins. That way, even after you change the password, they may still have access to the new one. They can also post fake content, link to malicious websites, or introduce mining scripts.

With access to a website's SSL/TLS private key and all of its content, an attacker can create a site identical to ours that not only claims to be the real website, but can also prove it by presenting the real website's certificate.

What to do to protect yourself

Therefore, it is important to carry out a number of protection measures. The first thing is to thoroughly review the WordPress website, including all the files in the plugins and themes directories. You also have to check all the accounts registered on the site, since there may be new users with administrator permissions.

After that, we have to change the passwords and activate two-step verification to prevent the hackers from accessing the site again. Finally, be careful if someone contacts you by email offering “help” to clean up the WordPress site, as they may actually be the attackers, who have your contact information and may only need your password to get in.
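
As a starting point for the file review described above, the following added example (not code from GoDaddy or WordPress) lists every file under the plugins and themes directories whose modification time falls on or after September 6, 2021, grouped by plugin or theme, with a SHA-256 hash to compare against a clean copy of the same version. It assumes the standard `wp-content/plugins` and `wp-content/themes` layout; modification times can be reset by anyone with write access, so an empty result does not prove the files are clean.

```python
import hashlib
import os
from datetime import datetime, timezone

# Start of the intrusion window reported in the article (September 6, 2021).
WINDOW_START = datetime(2021, 9, 6, tzinfo=timezone.utc)
# Directories the article says to review (assumed standard WordPress layout).
REVIEW_DIRS = ("wp-content/plugins", "wp-content/themes")


def sha256_of(path):
    """Hash a file in chunks so it can be compared with a clean upstream copy."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def files_changed_since(wp_root, since=WINDOW_START):
    """Return {component: [(relative_path, mtime_iso, sha256), ...]} for files
    under plugins/ and themes/ whose mtime is at or after `since`."""
    findings = {}
    for review_dir in REVIEW_DIRS:
        base = os.path.join(wp_root, review_dir)
        for dirpath, _dirs, filenames in os.walk(base):
            for name in filenames:
                full = os.path.join(dirpath, name)
                if os.path.islink(full):
                    continue  # do not follow links out of the tree
                mtime = datetime.fromtimestamp(os.path.getmtime(full), timezone.utc)
                if mtime < since:
                    continue
                rel = os.path.relpath(full, wp_root).replace(os.sep, "/")
                # Component is "plugins/<name>" or "themes/<name>".
                component = "/".join(rel.split("/")[1:3])
                findings.setdefault(component, []).append(
                    (rel, mtime.isoformat(), sha256_of(full)))
    for entries in findings.values():
        entries.sort()
    return findings


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for component, entries in sorted(files_changed_since(root).items()):
        print(component)
        for rel, mtime, digest in entries:
            print(f"  {mtime}  {digest[:16]}  {rel}")
```

Run it with the WordPress root directory as its only argument; any flagged file that you did not change yourself deserves a comparison against the original plugin or theme package.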