Webhosting giant GoDaddy suffered a breach where attackers managed to steal source code and installed malware on its servers. Godaddy reported breaches in November 2021 and March 2020. Now the company claims that the recent breach is also linked to those breaches.
In December 2022, GoDaddy received several customer complaints about their websites getting redirected to malicious sites. After the investigation, the company found that the issue was due to an unauthorized third party gained access to servers hosted in its cPanel environment.
GoDaddy is now working with law enforcement agencies and external cybersecurity forensics experts to investigate the root cause of the breach.
“Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy,” the hosting firm said in an SEC filing.
GoDaddy is one of the domain registrars and web hosting providers with over 20 million customers worldwide. This breach will also put users at risk of phishing attacks. So existing customers should take care of. This incident will surely affect its reputation. Many big clients will surely think of switching to other service providers.
The 2022 breach affected about 28,000 hosting customers. In 2021, a hacker gained access to the provisioning system in its legacy code base for Managed WordPress. It affected close to 1.2 million active and inactive MWP customers.
