noyb Files GDPR Complaints Against TikTok, Grindr, and AppsFlyer Over Alleged Illegal Data Tracking. 
Apple Explores India for iPhone Chip Assembly as Manufacturing Push Accelerates 
Australia’s Under-16 Social Media Ban Sparks Global Debate and Early Challenges 
Nvidia Weighs Expanding H200 AI Chip Production as China Demand Surges 
Evercore Reaffirms Alphabet’s Search Dominance as AI Competition Intensifies 
Apple App Store Injunction Largely Upheld as Appeals Court Rules on Epic Games Case 
SUPERFORTUNE Launches AI-Powered Mobile App, Expanding Beyond Web3 Into $392 Billion Metaphysics Market 
Adobe Strengthens AI Strategy Ahead of Q4 Earnings, Says Stifel 
SpaceX Insider Share Sale Values Company Near $800 Billion Amid IPO Speculation 
SpaceX Reportedly Preparing Record-Breaking IPO Targeting $1.5 Trillion Valuation 
Intel’s Testing of China-Linked Chipmaking Tools Raises U.S. National Security Concerns 
EU Court Cuts Intel Antitrust Fine to €237 Million Amid Long-Running AMD Dispute 
Trump’s Approval of AI Chip Sales to China Triggers Bipartisan National Security Concerns 
EssilorLuxottica Bets on AI-Powered Smart Glasses as Competition Intensifies 
Moore Threads Stock Slides After Risk Warning Despite 600% Surge Since IPO 
MetaX IPO Soars as China’s AI Chip Stocks Ignite Investor Frenzy 
GoDaddy is one of the latest companies to suffer a security breach. The incident was revealed in a disclosure document filed to the Securities and Exchange Commission on Monday, confirming that up to 1.2 million customers were affected.
The attacker had reportedly used a compromised password to gain unauthorized access to GoDaddy’s provisioning system to get through to its legacy code base for its Managed WordPress hosting service.
Aside from providing its customers with domain names and offering web hosting, one of GoDaddy’s services is Managed WordPress hosting. It promises to provide users with search engine optimization (SEO) tools, malware scanning and removal, pre-built themes, and an array of WordPress plugins that customers can then use on their pages.
GoDaddy chief security information officer Demetrius Comes said the data breach was detected last Nov. 17 and that they have immediately blocked the attacker’s access. The company’s investigation, however, revealed that the unauthorized third-party access started as early as last Sept. 6.
Since the breach in September, GoDaddy found that the attacker was able to access up to 1.2 million active and inactive email addresses and customer numbers from Managed WordPress hosting users. The company warns affected customers that they could be subjected to phishing attacks due to the incident.
The breach also compromised the original WordPress Admin password used by the provisioner. But GoDaddy said passwords that were still in use at the time of the breach’s detection had been reset.
GoDaddy also confirmed that sFTP and database usernames and passwords of active customers were exposed. The company said those credentials have been reset as well at the time of disclosure.
A “subset of active customers” – but GoDaddy did not specify how many – also had their Secure Sockets Layer (SSL) private keys compromised in the breach. SSL is a commonly used internet security protocol. With SSL, data traveling from one website to another is encrypted, so anyone without the right SSL private key should be unable to access it. At the time GoDaddy announced the breach, the company said it had started providing new certificates for affected users.
Photo by Markus Spiske on Unsplash
