by Paul Ducklin
The US Securities and Equities Commission (SEC) has just published a “Security Incident” submitted last week by Web services behemoth GoDaddy.
GoDaddy says that on 17 November 2021 it realised that there were cybercriminals in its network, kicked them out, and then set about trying to figure out when the crooks got in, and what they’d managed to do while they were inside.
According to GoDaddy, the crooks – or the unauthorised third party, as the report refers to them:
Additionally, GoDaddy stated that default WordPress admin passwords, created when each account was opened, were accessed, too, though we’re hoping that few, if any, active users of the system had left this password unchanged after setting up their WordPress presence.
(Default starting passwords generally need to be sent to you somehow in cleartext, often via email, specifically so you can login for the first time to set up a proper password that you chose yourself.)
GoDaddy’s wording states that “sFTP […] passwords were exposed”, which makes it sound as though those passwords had been stored in plaintext form.
We’re assuming, if the passwords had been
Support the originator by clicking the read the rest link below.