GoDaddy Confesses to Data Breach Affecting Customers’ Sites
GoDaddy, the popular web hosting and domain registrar company, confessed to suffering multi-year hacker attacks dating back to March 2020 that left its servers compromised and source code stolen. The company discovered a connection between the attacks almost three years after the first incident.
In early December 2022, GoDaddy received a small number of customer complaints related to the same problem: their sites were being “intermittently redirected.” After investigating the issue, the company discovered that the hackers had installed malware on its cPanel shared hosting servers, which caused customer websites to be redirected to suspicious domains.
According to an SEC filing, GoDaddy believes the same group of hackers is responsible for various security breaches on its properties. In March 2020, the group stole 28,000 customer login details, plus some belonging to GoDaddy employees. In November 2021, hackers compromised 1.2 million WordPress installations using a stolen password. The malicious group accessed millions of usernames, email addresses, passwords, and even SSL keys.
“Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group,” the filing reads. The company also cautioned that these incidents are not limited to its servers and that other hosting providers are at risk.
“We have evidence, and law enforcement has confirmed, that this incident was carried out by a sophisticated and organized group targeting hosting services like GoDaddy,” the company’s official statement reads. “According to information we have received, their apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution and other malicious activities.”
GoDaddy has assured its customers that it has implemented additional security measures and is working with law enforcement to ensure such incidents do not happen in the future. “Once we confirmed the intrusion, we remediated the situation and implemented security measures in an effort to prevent future infections.”