Wordfence Blog

GoDaddy Breach Widens to tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe

This entry was posted in General Security, PSA, WordPress Security on November 23, 2021 by Ram Gall

Yesterday, GoDaddy disclosed a massive data breach impacting over 1.2 million customers. Today, we received confirmation from GoDaddy that multiple brands that resell GoDaddy Managed WordPress were impacted. The brands impacted include:

According to Dan Rice, VP of Corporate Communications at GoDaddy,

The GoDaddy brands that resell GoDaddy Managed WordPress are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost. A small number of active and inactive Managed WordPress users at those brands were impacted by the security incident. No other brands are impacted. Those brands have already contacted their respective customers with specific detail and recommended action.

tsoHost, 123Reg, Domain Factory, Heart Internet, and Host Europe were acquired by GoDaddy as part of Host Europe Group in 2017[1], while Media Temple was bought by GoDaddy in 2013[2].

We have been provided with a copy of the Notice of Security Incident email sent by Media Temple:


As well as a copy of the Notice of Security Incident email sent by tsoHost:

All of the impacted hosting providers are using URLs starting with


for provisioning, account management, and configuration of their Managed WordPress offerings, and store sFTP passwords that can be retrieved in plaintext:

As this is a developing story, we will continue to provide more information as it becomes available. To receive updates, you can join our WordPress security mailing list on this page.


  1. https://aboutus.godaddy.net/newsroom/press-releases/press-release-details/2017/GoDaddy-Completes-Acquisition-Of-Host-Europe-Group/default.aspx
  2. https://mediatemple.net/blog/press/godaddy-acquires-mt-media-temple-to-accelerate-web-pro-expertise/

9 Comments on "GoDaddy Breach Widens to tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe"

Woofer November 23, 2021 at 3:18 pm

Ram, Chloe, Mark and all the staff. Top sleuthing as usual. Keep up the "Excellent" work. One Premium subscription coming up.

Justin Blair November 23, 2021 at 3:22 pm

I have an old website that I let go. I thought I shut everything down, but I still got an email from GD today about this.

I shut everything down two years ago. They were my original host, etc., but I left them for CloudFlare after a year or two (transferred the lot: CNAME, A/AAAA, DNS, the whole 9 yards). After that second year, they really were just where I'd registered the domain. I wonder what that means for me?

wolfhound68 November 23, 2021 at 4:42 pm

GoDaddy and so many high-profile websites do not use best practices. The other issue that may plague us all, even with upgraded antivirus, with malware prevention, VPNs, ad-blocking, and identity protection our websites are still vulnerable. They are only as good as the hosting companies we choose.

CrouchingBruin November 26, 2021 at 3:21 am

For the longest time, they wouldn't make the latest PHP versions available.

Arindam November 23, 2021 at 9:04 pm

I am not able to log in to the admin page for my website on WordPress. It does not accept my password and is not sending an email to me to reset the password. Is it related to the security breach?

chocolatePB November 24, 2021 at 6:15 am

** This also affected www.domainspricedright.com just FYI :)

chocolatePB November 24, 2021 at 6:56 am

** I mean domains that are housed with Domains Priced Right

Ram Gall November 24, 2021 at 7:15 am


Yes, it does look like domainspricedright.com (which is one of the oldest GoDaddy whitelabels) offers the same Managed WordPress plans - it's likely that customers of any whitelabel resellers that offered these plans would also be impacted.

Nedda November 24, 2021 at 10:38 am

Just want to share this information with others.

I purchase my domain name from GoDaddy, but my website is hosted elsewhere. Today I received in snail mail a solicitation from another domain name vendor which included not only my domain name, but the names of the servers associated with my domain. This information could only have been gotten if someone had access to my website information at GoDaddy.com.

I tried to contact GoDaddy to let them know about this, but there seems to be no way to reach them. No one is responding to their chat, and the phone number that used to be available is no longer listed on their website.
