Tuesday, December 7, 2021

Large GoDaddy Data Breach Involves WordPress Customer Email Adresses



Are you a GoDaddy customer? Do you maintain a WordPress blog with the company? If so be advised that the company recently announced a data breach of their network. An as yet unidentified third party accessed GoDaddy's Managed WordPress hosting environment.

Based on the investigation to date the intrusion began on September 6, 2021. While taking advantage of a vulnerability the company was unaware of at the time the unknown cybersecurity attacker was able to gain access to a variety of information.

The information taken includes:

  • The email addresses and customer numbers of more than 1 million Managed WordPress customers (both active and inactive)
  • The original WordPress Administrative password that was set at the time of provisioning
  • For active customers, the SFTP and database usernames and passwords
  • And for some customers (exact number unknown at this time), the SSL private key

The company has retained the services of an independent third-party security firm to assist them with their investigation. That investigation is ongoing but the company has already reset the SFTP and database passwords for all impacted users. They are in the process of issuing and installing new certificates for customers who had their SSL private keys exposed.

The company is in the process of contacting all impacted users. If your email address was exposed, you will definitely want to keep a sharp eye out for phishing attacks targeting your email address.

As is the case any time an event like this occurs the company apologized and stressed that they take customer data security very seriously. No additional information is available at this time but bear in mind that the investigation is still ongoing.

It's unfortunate but not altogether unsurprising. A company as large as GoDaddy with millions of customers is an attractive target for almost any hacker. Stay vigilant out there. This won't be the last major breach we see this year.

Call SpartanTec, Inc. now if for more information about cybersecurity and our managed IT services.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle BeachNorth Myrtle BeachColumbiaWilmingtonFayettevilleFlorence, Charleston

Hackers Hit Wind Energy Provider With Ransomware



Vestas Wind Systems is one of the leaders in wind turbine manufacturing in North America with 40,000 MW currently installed and another 36,000 MW under service in both the US and Canada.

Recently the company published a data breach notification indicating that they had been the subject of a successful cyber attack which occurred on Friday, November 19th.

This forced them to shut down broad swaths of their network infrastructure to keep the attack from spreading. Although Vestas did not specify the exact nature of the attack based on their description it seems likely that the company fell victim to a ransomware attack.

Unfortunately this incident is almost certain to have serious downstream impacts. The company was already struggling with supply chain issues and the shutdown forced them to delay production. That is going to delay the completion of many of the projects Vestas has in the pipeline which will have further impacts as well. Although these are difficult to predict with any accuracy.

According to the latest information provided by the company both the issue itself and the investigation into it are ongoing and the company does not yet have a firm timeline for recovery. Vestas also confirmed that some of the company's data had been compromised and exfiltrated but did not provide any details as to the specifics of that information.

There have been a number of cyberattacks on critical infrastructure concerns as gangs of cybercriminals seek ever larger payouts. Given that the Vestas attack is very much in line with attacks earlier this year on Colonial Pipeline, Irelands Health Service Executive, and meat processing giant JBS.

If you do business with the company just be aware that their operations have been impacted and that the issue is ongoing so there are almost certain to be delays. Let us hope Vestas is able to resolve the matter quickly.

SpartanTec, Inc. now if you want more information about managed IT services and how they can help protect your information from cyberattacks.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle BeachNorth Myrtle BeachColumbiaWilmingtonFayettevilleFlorence, Charleston