GoDaddy isn’t the only web hosting firm caught up in mega breach

Several other resellers also impacted

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The recent GoDaddy breach that impacted more than 1.2 million users isn’t limited just to thatweb hostingcompany, but affected a whole slew of resellers.

A day after the breach occured, the company announced how tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe were also all affected.

GoDaddy VP of Corporate Communications Dan Race, toldTechRadar Pro, “The GoDaddy brands that resell GoDaddy ManagedWordPressare 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost. A small number of active and inactive Managed WordPress users at those brands were impacted by the security incident. No other brands are impacted. Those brands have already contacted their respective customers with specific detail and recommended action.”

Wider impact

Wider impact

While tsoHost, 123Reg, Domain Factory, Heart Internet, and Host Europe were bought out by GoDaddy in 2017, Media Temple was acquired back in 2013.

Both Media Temple and tsoHost have already begun sending out emails to warn  users of the data breach.

It seems that all of the impacted hosting providers use the same URL, starting withhttps://myh.secureserver.net/#/hosting/mwp/v1/for provisioning, account management, and configuration of their Managed WordPress offers. What’s more, they store sFTP passwords which can then be found, in plaintext.

As per the earlier report, a malicious actor used a compromised password to access GoDaddy’sdatabasesometime around September 6. It took GoDaddy more than a month to spot the intrusion, as it said it discovered the breach on November 17.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The 1.2 million active and inactive users that were compromised in this attack have had their email addresses and customer numbers exposed, the company further said. It warned that these sites were at additional danger of possible phishing attacks, and said that the original WordPress admin password, which gets created with the first installation of WordPress, is also exposed. Meaning, if the webmasters fail to change the “factory” password, their websites could be in particular danger.

GoDaddy has more than 20 million customers worldwide.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well