GoDaddy Breach Widens to tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe
This entry was posted in General Security, PSA, WordPress Security on November 23, 2021 by Ram Gall 9 Replies
Yesterday GoDaddy disclosed a massive data breach impacting over 1.2 Million customers. Today, we received confirmation from GoDaddy that multiple brands that resell GoDaddy Managed WordPress were impacted. The brands impacted include:
According to Dan Rice, VP of Corporate Communications at GoDaddy,
“The GoDaddy brands that resell GoDaddy Managed WordPress are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost. A small number of active and inactive Managed WordPress users at those brands were impacted by the security incident. No other brands are impacted. Those brands have already contacted their respective customers with specific detail and recommended action.”
tsoHost, 123Reg, Domain Factory, Heart Internet, and Host Europe were acquired by GoDaddy as part of Host Europe Group in 2017, while Media Temple was bought by GoDaddy in 2013.
We have been provided with a copy of the Notice of Security Incident email sent by Media Temple:
As well as a copy of the Notice of Security Incident email sent by tsoHost:
All of the impacted hosting providers are using URLs starting with
for provisioning, account management, and configuration of their Managed WordPress offerings, and store sFTP passwords that can be retrieved in plaintext:
As this is a developing story, we will continue to provide more information as it becomes available. To receive updates, you can join our WordPress security mailing list on this page.