GoDaddy, one of the world’s largest web hosting services, said in a filing(Opens in a new window) this week that it fell victim to a two-year security breach that saw unknown attackers steal customer and employee login details and seize company source code.
In the Securities and Exchange Commission filing, the company said the attackers also installed malware that redirected customer websites to malicious sites. The attackers were allegedly responsible for three security breaches between 2020 and 2022.
GoDaddy, which has over 20 million customers, said its investigations into the breaches are ongoing and that it so far believes the incidents “are part of a multi-year campaign by a sophisticated threat actor group.”
The company said in the filing that the group “installed malware on our systems and obtained pieces of code related to some services within GoDaddy…among other things.”
As Ars Techinca notes, the most recent attack happened in December 2022, when the threat actors reportedly gained access to the hosting servers used by GoDaddy customers to manage their websites, and installed malware on them. That malware, GoDaddy said, “intermittently redirected random customer websites to malicious sites.”
In a statement posted Thursday, officials from GoDaddy said that the threat actors’ goal is to “infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities.”
Latest IT Security
On March 20, 2023, the Wordfence Threat Intelligence team began the responsible...
On April 5, 2023 the Wordfence Threat Intelligence team initiated the responsible...
Automattic, the company behind the WordPress content management system, is force installing...
The web host says it fell victim to a two-year security breach...
In March 2020, the group gained login credentials that enabled it to access a “small number” of employee accounts, as well as the hosting accounts of around 28,000 customers. The customers, none of whose main GoDaddy accounts were breached, were notified in May 2020.
A third breach, in November 2021, saw the use a stolen password to compromise 1.2 million customers’ WordPress instances, getting access to email addresses, usernames, passwords, and, in some cases, their websites’ SSL private keys. “Based on our investigation, we believe these incidents are part of a multiyear campaign by a sophisticated threat actor group,” the filing reads.
“We apologize for any inconvenience this may have caused to any of our customers or visitors to their websites,” the company said in a statement. “We are using lessons from this incident to enhance the security of our systems and further protect our customers and their data.”
That apology—and pledge to improve security—would be more reassuring if it weren’t the third time GoDaddy confessed to being breached by the same hacker group in as many years.