[Security Weekly] GoDaddy Suffers Data Breach Impacting 1.2 Million WordPress Sites
December 2021, Issue I
1. GoDaddy suffers cyberattack compromising 1.2 million WordPress sites
GoDaddy, the world’s largest web hosting provider behind 15.2% of all websites, reported a cyberattack in a filing to the Securities and Exchange Commission (SEC) on November 22, disclosing that 1.2 million WordPress sites it hosted were compromised. WordPress is the largest website content management system powering 42% of all websites.
The impacted customers were users of a GoDaddy managed service that provides optimized hosting, automated daily backups, and related support. The hacker accessed sensitive information of these websites from GoDaddy’s network during a period of two and a half months between September 6 and November 17.
Compromised data contained emails, customer numbers, and default WP admin passwords of 1.2 million active and inactive websites, as well as database login credentials for active websites. The SSL private keys for an undisclosed number of active customers were also exposed. GoDaddy said it has reset all compromised passwords. Still, it remains unclear if the hacker had already exploited any of these websites during the intrusion period.
All impacted customers are asked to watch out for social engineering and phishing attacks.
Sources: ZDNet, Threatpost
2. Panasonic discloses cyberattack and data breach
Panasonic revealed that it had discovered a cyberattack on November 11, confirming that the attackers gained unauthorized access to its internal network and accessed data in its database servers.
Panasonic said that it had filed the case with local authorities and deployed countermeasures to contain the attack. However, like most incidents of its kind in Japan, the company did not provide any detailed information on the scale of impact and what kind of data were breached.
Nevertheless, local news outlet NHK reported that the intrusion started in June and lasted through November, compromising servers that stored data on Panasonic’s business partners, customers, and employees, as well as proprietary technology.
Panasonic is currently investigating the incident with third-party experts.
Sources: NHK, TechCrunch
3. DNA testing company confirms data breach impacting 2 million people
DNA Diagnostics Center (DDC), an Ohio-based DNA testing firm that conducts over one million tests annually for personal, legal, and immigration purposes, reported a data breach that exposed the personal information of 2,102,426 people.
On August 6, the company first discovered unauthorized access to its internal network, and quickly learned that an archived database was accessed and exfiltrated over a period of two months between May 24 and July 28. DDC acquired the database from a third-party genetic testing organization back in 2012; it contains personal information collected between 2004 and 2012.
Investigations concluded on October 29, at which point DDC confirmed that personal data including full names, payment card numbers and CVV2s, and bank account numbers were compromised. The company has begun notifying impacted individuals and is offering all victims credit monitoring services.
Sources: ZDNet, Bleeping Computer
4. Marine services giant Swire Pacific Offshore attacked by Clop ransomware
Swire Pacific Offshore (SPO), a Singapore-based marine services company that provides ships and crews for specialized marine tasks, was attacked by Clop ransomware.
The Clop ransomware gang claimed that the company has an annual revenue of $3 billion and posted screenshots of exfiltrated data on its leak site. The compromised data included scanned passports, ID numbers, bank account information, email addresses, and payroll information, most of which belongs to SPO employees. The number of affected people could be as high as 2,500, across 18 countries.
SPO confirmed the attack and said it has taken proper countermeasures to mitigate its impact. Even though the company’s website was down for days, its international operations remained unaffected. SPO is in the process of notifying all affected parties.
Sources: Infosecurity, Bleeping Computer