UPDATE: Nov. 24, 2021: The massive breach at GoDaddy has directly impacted several WordPress resellers, the web hosting provider and domain registrar confirmed via email. 
“The GoDaddy brands that resell GoDaddy Managed WordPress are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost,” a spokesperson for GoDaddy said via email. “A small number of active and inactive Managed WordPress users at those brands were impacted by the security incident. No other brands are impacted. Those brands have already contacted their respective customers with specific detail and recommended action.”
Comes apologized to customers and said the company takes the responsibility of securing data very seriously. 
“We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection,” Comes said.
The incident marks the second significant security breach at GoDaddy in about two years. In May 2020, GoDaddy disclosed a data breach that took place in October 2019, which impacted 28,000 customers. 
A breach such as the GoDaddy attack can put business and consumers at risk of phishing attacks, identify theft and credit card fraud, according to Steve Turner, analyst of security and risk at Forrester. 
“This also exposes people who were impacted to advanced attacks where the adversaries can craft very targeted campaigns based on the data that they’ve gleaned from these WordPress databases, which would allow them to impersonate the merchants or others down to the extreme detail,” Turner said in an email. 
Businesses should purge customer data that isn’t currently being used to lower the potential downstream risk of the breach, which revealed information related to current and past customers. 
From an enterprise standpoint, the GoDaddy breach is an illustration of why identity is the security perimeter and is constantly under attack, according to Gartner Research VP Peter Firstbrook
“This attack, along with the Nobelium attacks, the recent Azure CosmosDB vulnerability and numerous other examples, demonstrate why we should expect sustained attacks on the identity system,” Firstbrook said. “Enterprise security managers must improve their focus on identity detection and response.”
GoDaddy did not return a request for comment. 
Get the free daily newsletter read by industry experts
"PrintNightmare is just like the flipping gift that keeps on giving," Jason Slagle of CNWR IT Consultants said. "You can get popped by it, and then literally every week there's some sort of update." 
The agency is encouraging private entities and local governments to monitor the catalog, though its usefulness will depend on a company's resources.
Subscribe to Cybersecurity Dive for top news, trends & analysis
Get the free daily newsletter read by industry experts
Want to share a company announcement with your peers?
Share your announcement
"PrintNightmare is just like the flipping gift that keeps on giving," Jason Slagle of CNWR IT Consultants said. "You can get popped by it, and then literally every week there's some sort of update." 
The agency is encouraging private entities and local governments to monitor the catalog, though its usefulness will depend on a company's resources.
The free newsletter covering the top industry headlines

source