The famous hosting service provider, GoDaddy, has suffered a cybersecurity breach that gave threat actors access to source codes and installed malware on its server. GoDaddy reported that the breach was first discovered in December 2022 following reports by a customer about site redirection to a random domain. Further investigation proved that the attack had gone unnoticed for years because the attacker had been on the company’s network for a long time.
In an SEC filing, the hosting firm said, “Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy,”
The hosting giant agreed to the previous breach discovered in March 2020 and November 2021 being linked to the multi-year campaign stated in the SEC filing.
As a safety precaution in March 2020, GoDaddy reached out to over 28,000 of her customers with information about an attacker using their web hosting account credentials in October 2019 to connect to their hosting account via SSH.
A deeper dive into the November 2021 incident revealed that about 1.2 million managed WordPress customers were affected by the hacker’s access to the WordPress hosting environment using sophisticated hacking tools and techniques.
The breach has led to GoDaddy employing several security measures to protect its customer’s interests and get to the root of the attack by contracting reputable cybersecurity forensic experts. The investigation also led to a more interesting and threatening discovery about other hosting companies yet to know they are under attack by the same hacker group.
According to GoDaddy, the aim of the hackers is known, and measures have been taken to stop them and prevent such from happening in future.
