Hacker News new | past | comments | ask | show | jobs | submit login

   • Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents risk of phishing attacks.

   • The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, we reset those passwords.

   • For active customers, sFTP and database usernames and passwords were exposed. We reset both passwords.

   • For a subset of active customers, the SSL private key was exposed. We are in the process of issuing and installing new certificates for those customers.

Oh dear. No mention of 2FA mechanisms here. So does that mean GoDaddy's security is not good enough or is in fact very poor?

No different to Epik's security breach I guess, but not the worst security breach I've seen in a long time when compared with Twitch [0].

[0] https://news.ycombinator.com/item?id=28771465




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: