GoDaddy says ‘sophisticated’ hacking group hijacked customer accounts

GoDaddy, one of the world’s largest web hosting services, said in a filing this week it fell victim to a two-year security breach that saw unknown attackers steal customer and employee login details and seize the company’s source code.
In the Securities and Exchange Commission filing, the company said the attackers also installed malware that redirected customers’ websites to malicious sites. The attackers are said to have been responsible for three security breaches between 2020 and 2022.
GoDaddy, which has more than 20 million customers, said its investigations into the breaches are ongoing and that so far it believes the incidents “are part of a multi-year campaign by a sophisticated threat actor group.”
The company said in the filing that the group “installed malware on our systems and obtained code snippets related to some services within GoDaddy … among other things.”
As Ars Technica notes, the most recent attack occurred in December 2022, when the threat actors allegedly accessed the hosting servers used by GoDaddy customers to manage their websites and installed malware on them. The malware, GoDaddy said, “periodically redirected random customer websites to malicious websites.”
In a statement posted Thursday, GoDaddy officials said the threat actors’ goal is to “infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities.”
In March 2020, the group obtained login information that allowed it to access a “small number” of employee accounts, as well as the hosting accounts of around 28,000 customers. Those customers, none of whose main GoDaddy accounts were breached, were notified in May 2020.
A third breach, in November 2021, gave the group access to the source code of GoDaddy’s Managed WordPress service, which the company uses to create and manage its customers’ websites using WordPress.