GoDaddy, a web hosting company, has disclosed that during a multi-year period, hackers broke into its systems, planted malware on its network, and stole some of its source code. The business announced that it was collaborating with several international law enforcement organizations and forensics specialists to investigate the matter further.
On Friday, the business issued a statement claiming, “We have evidence, and law enforcement has confirmed, that this incident was carried out by a sophisticated and organized group targeting hosting services like GoDaddy.” The hackers aimed to use malware to infiltrate websites and servers in order to conduct phishing scams, distribute malware, and engage in other illegal operations.
In a filing with the US Securities and Exchange Commission (SEC), GoDaddy stated that it thinks the hackers are the same gang that it discovered within the business’s networks in March 2020. GoDaddy first became aware of the incursion in December 2022, when it began getting a few customer complaints about their websites being intermittently redirected.
GoDaddy had disclosed that almost 1.2 million of its WordPress users’ private information had been hacked
After looking into the concerns, GoDaddy discovered that the sporadic redirections occurred on various disparate websites hosted on its “cPanel shared hosting servers and were not easily reproducible by GoDaddy, even on the same website.”
After confirming the intrusion, the business remedied the problem and implemented security measures to stop further infections. It said: “We are using lessons from this incident to enhance the security of our systems and further protect our customers and their data.”
GoDaddy, a major site hosting service provider, disclosed that almost 1.2 million of its WordPress users’ private information had been hacked in November 2021. GoDaddy forewarned users that this disclosure might increase their vulnerability to phishing attempts.
The firm is known to be one of the biggest domain registrars in the world
One of the biggest domain registrars in the world, GoDaddy, disclosed this week that it had experienced a multi-year security breach that resulted in the theft of customer and staff login information and corporate source code by unidentified attackers. The attackers were reportedly behind three security breaches, the first of which happened in 2020 and the final in 2022. The business told the Securities and Exchange Commission that the attackers also installed malware that caused client websites to be redirected to dangerous websites.
GoDaddy, which has more than 20 million clients, stated that it is still looking into the breaches and that it currently thinks they “are part of a multi-year campaign by a sophisticated threat actor group.” The gang “installed malware on our systems and obtained pieces of code related to several services within GoDaddy, among other things,” the business said in the filing.
According to Ars Technica, the most recent malware incident occurred in December 2022, when the threat actors allegedly infected hosting servers used by GoDaddy clients to administer their websites. GoDaddy said the malware “intermittently redirected random customer websites to malicious sites.”