GoDaddy Breached – Plaintext Passwords – 1.2M Affected
https://www.wordfence.comThis morning, GoDaddy ( also impacts tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe) disclosed that an unknown attacker had gained unauthorized access to the system used to provision the company’s Managed WordPress sites, impacting up to 1.2 million of their WordPress customers. Note that this number does not include the number of customers of those websites that are affected by this breach, and some GoDaddy customers have multiple Managed WordPress sites in their accounts.
It appears that GoDaddy was storing sFTP credentials either as plaintext, or in a format that could be reversed into plaintext. They did this rather than using a salted hash, or a public key, both of which are considered industry best practices for sFTP. This allowed an attacker direct access to password credentials without the need to crack them.