Although we all know GoDaddy's subpar, this is massive:<p>> credentials that gave it access to a “small number” of employee accounts and the hosting accounts of roughly 28,000 customers.<p>> obtain login credentials for WordPress admin accounts, FTP accounts, and email addresses for 1.2 million current and inactive Managed WordPress customers<p>I'm curious what they concretely did:<p>> goal is to infect websites and servers with malware for phishing campaigns, malware distribution<p>> weight loss websites<p>but hm. I guess I don't know a lot about malware, phishing and stuff. How would you gain exactly?
The article reads like a press release more than journalism.<p>Multiple uses of the word “sophisticated” as if the only way someone could gain access to Godaddy for _multiple years_ was if they are quite sophisticated, and not as a result of massive negligence on the part of Godaddy itself.<p>No quotes from the company apologizing.<p>Godaddy is wild…what a mess.
>> a misconfigured domain name system service at GoDaddy allowed hackers to hijack dozens of websites owned by Expedia, Yelp, Mozilla, and others..<p>Any idea what was the impact on Mozilla ? Did it impact the Firefox and plugin servers ?
Multi year breaches and general incompetence are kind of Godaddy’s MO. I remember doing notifications of suspicious activity to them and they never bothered even <i>trying</i> to fix it.<p>I would be shocked if they weren’t running afoul of GDPR required notifications by intentionally putting their heads in the sand and pretending no PII was stolen.