GoDaddy, the large web hosting company, recently announced that it was hit by a security breach. According to the company, attackers got into its cPanel shared hosting environment, stole valuable source code, and installed malware on its servers. This attack went unnoticed for several years.
The company claims that the multi-year campaign is also responsible for the previous breaches that were made public in May 2020 and November 2021.
In May 2020, attackers accessed the login details of about 28,000 customers’ web hosting accounts. And in November 2021, they stole the source code for a service called Managed WordPress. But things got worse in December 2022 when the hackers managed to install malicious software on GoDaddy’s cPanel hosting servers. The company only made this latest data breach public recently.
GoDaddy also believes that the same attackers were responsible for the 2021 breach, which resulted in 1.2 million Managed WordPress customers’ email addresses being stolen by an unauthorised third party.
Unfortunately, attackers were able to see the email addresses of everyone who was affected by this incident. They also got hold of some sensitive information, such as WordPress Admin passwords, sFTP and database credentials, and SSL private keys for some of its active clients.
According to a Securities and Exchange Commission (SEC) filing by the hosting company:
“Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy.”
In a recent incident, GoDaddy claimed that three severe security breaches had affected the corporation, which has 21 million users and over $4 billion in revenue.
GoDaddy’s Response to Data Breaches
GoDaddy is currently collaborating with outside cybersecurity experts and law enforcement agencies from around the world to investigate the reasons behind the security breach. The investigation is ongoing, and the company is putting in a lot of effort to get to the root of the problem.
In the latest attack, cybercriminals installed malware that caused users to be redirected to various websites without warning. GoDaddy has since resolved the issue and has put measures in place to ensure that similar attacks do not happen in the future.
In a statement, the company mentioned:
“We have evidence, and law enforcement has confirmed, that this incident was carried out by a sophisticated and organized group targeting hosting services like GoDaddy. According to information we have received, their apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities.”
According to GoDaddy, there have been multiple security breaches over the course of several years, but thankfully, they haven’t caused any major disruptions to its business operations. To prevent such breaches from happening again, the company is planning to strengthen its security measures and resources to better protect against potential data security events.