Posts

GoDaddy Hack Spreads to 6 More Web Hosts


The hack that exposed the details of 1.2 million GoDaddy customers has spread to six more web hosts. As Search Engine Journal reports, the six additional web hosts are all resellers of GoDaddy’s WordPress hosting services and include 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple, and tsoHost.

Customers of at least two of these web hosting companies have been sent emails very similar to the one GoDaddy sent out regarding the security breach. The hack they experienced also targeted Managed WordPress accounts and managed to leak email addresses, customer numbers, WordPress Admin passwords, sFTP database usernames and passwords for active customers, and in some cases SSL private keys.

WordPress security plugin maker Wordfence confirmed the hack has spread to these web hosts and published a quote from Dan Rice, VP of Corporate Communications at GoDaddy, as to the extent of the attack:

“The GoDaddy brands that resell GoDaddy Managed WordPress are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost. A small number of active and inactive Managed WordPress users at those brands were impacted by the security incident. No other brands are impacted. Those brands have already contacted their respective customers with specific detail and recommended action.”

The intrusion began on Sept. 6, giving the attacker plenty of time to take advantage of the user data and access to accounts. It’s currently unknown how that access to the data has been used. All customers affected by the breach at the web hosts listed above need to be vigilant and extra cautious with the emails they receive.

Hopefully each company has either contacted or is in the process of contacting affected customers with the measures taken to close the security hole. If you believe your account was compromised and haven’t been contacted, be proactive and contact your web host to confirm the status/health of your account.

Source…

GoDaddy sends employees fake Christmas bonus email as security test


Might as well have offered a lump of coal.

Internet domain behemoth GoDaddy sent employees an email promising a Christmas bonus — that turned out to actually be a computer security test.

Some 500 staffers clicked on the Dec. 14 email from the Arizona-based company that offered a $650 holiday bonus and asked them to fill out a form with their personal information.

“Happy Holiday GoDaddy! 2020 has been a record year for GoDaddy, thanks to you!,” said the message, obtained by Phoenix TV-station KPNX.

“Though we cannot celebrate together during our annual Holiday Party, we want to show our appreciation and share a $650 one-time Holiday bonus!” 

Two days later, employees got an email from GoDaddy’s security chief that read: “You are receiving this email because you failed our recent phishing test,” the Copper Courier newspaper reported.

Many social media users raked GoDaddy over the coals, calling the test tone-deaf amid the coronavirus pandemic that’s left millions of Americans financially reeling.

The company on Thursday said it apologized to people who felt the email was “insensitive,” adding it “takes the security of our platform extremely seriously.”

“We understand some employees were upset by the phishing attempt and felt it was insensitive, for which we have apologized,” a spokesman said in a statement.

With Post wires

Source…

RTL Today – Computer security test: GoDaddy apologises for fake Christmas bonus email security test


US web company GoDaddy apologized Thursday after an email that promised employees a Christmas bonus in the midst of the economic crisis turned out to be a computer security test.

“GoDaddy takes the security of our platform extremely seriously. We understand some employees were upset by the phishing attempt and felt it was insensitive, for which we have apologized,” a spokesman for GoDaddy, the largest internet domain management company in the world, told AFP in a statement.

“While the test mimicked real attempts in play today, we need to do better and be more sensitive to our employees,” added the Arizona-based company.

In December, around 500 employees clicked on an email from the company offering a Christmas bonus of $650 and asking them to fill out a form with their personal details.

Two days later, a different message appeared in their inboxes.

“You are receiving this email because you failed our recent phishing test,” the email from GoDaddy’s security chief read, according to Arizona’s Copper Courier newspaper.

The technique of phishing, widely used by computer hackers, sees emails pretending to be a person known to the intended target, with the objective of obtaining information to infiltrate their computer systems.

The test email sparked uproar on social media as millions of Americans have been hit hard by the economic crisis linked to the coronavirus pandemic.

Source…

GoDaddy apologises to employees after Christmas bonus email turned out to be security test




a group of people standing around each other


© Provided by WION


GoDaddy, the largest internet domain management company in the world, on Friday, issued an apology to its employees that after an email that promised them a Christmas bonus in the midst of the economic crisis turned out to be a computer security test.

The Arizona-based company said “GoDaddy takes the security of our platform extremely seriously. We understand some employees were upset by the phishing attempt and felt it was insensitive, for which we have apologised.”

A spokesman for GoDaddy added, “While the test mimicked real attempts in play today, we need to do better and be more sensitive to our employees.”

In December, around 500 employees of GoDaddy clicked on an email from the company offering a Christmas bonus of $650 and asking them to fill out a form with their personal details.

Two days later, a different message appeared in their inboxes.

“You are receiving this email because you failed our recent phishing test,” the email from GoDaddy’s security chief read, according to Arizona’s Copper Courier newspaper.

The technique of phishing, widely used by computer hackers, sees emails pretending to be a person known to the intended target, with the objective of obtaining information to infiltrate their computer systems.

The test email sparked uproar on social media as millions of Americans have been hit hard by the economic crisis linked to the coronavirus pandemic.

Source…