Over a million GoDaddy WordPress customers had email addresses exposed in latest breach

GoDaddy has suffered a security breach that gave an attacker access to more than 1 million email addresses belonging to the company’s active and inactive Managed WordPress users, according to a disclosure it filed with the SEC on Monday.

The company says the attacker gained access to a provisioning system (meant to set up and automatically configure new sites when customers create them) in early September by “using a compromised password.” GoDaddy says that it noticed the intrusion on November 17th and immediately locked the attacker out before beginning an investigation and contacting law enforcement.

The hackers had access to more than just the email addresses — they could also see the original WordPress admin passwords set by the provisioner, as well as the credentials for active users’ databases and sFTP systems. The company also says that some customers had their private SSL keys exposed, which are responsible for proving that a website is who it says it is (powering the little lock icon you often see in your browser’s address bar).

According to GoDaddy, it’s working to mitigate the issues by resetting affected passwords and regenerating security certificates if needed. The company also says that it’s “contacting all impacted customers directly with specific details.” While those seem like appropriate steps, having to deal with a reset password will probably be a nuisance for some of its users.

GoDaddy didn’t immediately respond to a request for comment about how the attacker gained access to the password the company says was used to gain access to its systems. Its announcement does say, however, that its investigation is ongoing.

In recent intrusions at other companies, phishing or social engineering has been to blame (though there have also been instances of simply poor password security). GoDaddy itself has some pretty upsetting history with testing its employees’ cybersecurity awareness when it comes to fake emails, but attackers really only need to get lucky once to access treasure troves of data.

Repost: Original Source and Author Link

Tech News

Facebook posts can now be exported to Google Docs, Wordpress

Depending on how you look at it, Facebook may have surpassed Google in being the poster child for harvesting personal data on the Internet. Considering how much of people’s online lives and information it has in its possession, the social media giant regularly gets pushed, mostly through laws and regulations, to take certain steps to secure and unlock users’ information. Part of that is allowing users to move their data outside of Facebook and a new export tool will let them do just that to transfer their posts to other online services.

The ability to export Facebook data has actually been around for a few years now. It’s part of the Data Transfer Project, an agreement among some of the Big Tech companies to allow users to move some of their data across different and competing services. Last year, Facebook made it possible to transfer photos to Google Photos and now it’s doing something similar for posts themselves.

According to the blog post, Facebook users can go to their account’s “Your Facebook Information” Settings to select Transfer Your Information. You can select either Photos or Notes (but not both at the same time) and have them copied over to Google Docs or WordPress. You will then be asked to log into those external accounts before the transfer begins.

Facebook promises that the tool is secure and private and that data is encrypted as it moves between services. Comments to posts are not exported, however, since they’re associated with someone else’s Facebook account.

It’s a small but important step for Facebook users to have their data unshackled from the social network’s walls, at least when they need to. Facebook is, of course, simply complying with regional laws and probably doesn’t expect most users to utilize them, anyway.

Repost: Original Source and Author Link