https://techcrunch.com/2021/11/22/godaddy-breach-million-accounts/
Exploit: Credential Compromise
GoDaddy: Web Hosting Provider
Risk to Business: 1.527= Severe GoDaddy has reported a data breach that may impact more than 1 million customers who use the service for WordPress hosting. The company detailed the incident in an SEC filing, declaring that it had detected unauthorized access to its systems where it hosts and manages its customers’ WordPress servers when someone used a compromised password for access around September 6. GoDaddy said it discovered the breach last week on November 17. The company warned that active customers had their sFTP credentials (for file transfers), and the usernames and passwords for their WordPress databases, which store all the user’s content, exposed in the breach. In some cases, the customer’s SSL (HTTPS) private key was exposed, which if abused could allow an attacker to impersonate a customer’s website or services. 1.2 million active and inactive managed WordPress users had their email addresses and customer numbers exposed in this incident.
Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.
Customers Impacted: 1.2 million
How It Could Affect Your Customers’ Business : Third-party security risk is increasingly common in an interconnected world and building strong defenses helps protect against this unexpected danger.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
