GoDaddy Reports Multi-Year Security Breach Resulting in Source Code Theft and Malware Installation

On February 18th, 2023, web hosting services provider GoDaddy announced a multi-year security breach that enabled unauthorized third parties to install malware and siphon source code related to some of its services. GoDaddy attributed the attack to a “sophisticated and organized group targeting hosting services.”

The company discovered the breach in December 2022 after receiving customer complaints about sporadic website redirections to malicious sites. GoDaddy later found that an unauthorized third party had gained access to servers hosted in its cPanel environment and had installed malware, which caused the intermittent redirection of customer websites.

According to GoDaddy, the ultimate objective of the breach was to infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities.

In a related filing with the U.S. Securities and Exchange Commission (SEC), GoDaddy stated that the December 2022 incident is connected to two other security events it encountered in March 2020 and November 2021. The 2020 breach involved the compromise of hosting login credentials for about 28,000 hosting customers and a small number of its personnel. Then in 2021, GoDaddy reported that a rogue actor had used a compromised password to access a provisioning system in its legacy code base for Managed WordPress (MWP), affecting close to 1.2 million active and inactive MWP customers across multiple GoDaddy brands.

GoDaddy has not disclosed the number of customers affected in the multi-year security breach, but it has stated that it is working with law enforcement and forensic experts to investigate the incident further. The company is also taking measures to ensure the security of its customers by implementing additional security controls, including multifactor authentication and advanced monitoring capabilities.

Customers of GoDaddy are advised to reset their passwords and enable multifactor authentication to protect their accounts. Additionally, customers should monitor their accounts and websites for any unusual activity or signs of unauthorized access.

In conclusion, the multi-year security breach experienced by GoDaddy is a stark reminder of the evolving nature of cyber threats and the need for organizations to invest in robust security measures to protect their customers' data and digital assets.
