
Web hosting service provider GoDaddy on Friday revealed a multi-year security breach that allowed unknown attackers to install malware and siphon the source code associated with some of its services.
The company believes the campaign is from a “sophisticated and organized group targeting hosting services.”
In December 2022, GoDaddy received complaints from an unspecified number of customers that their websites were sporadically redirecting to malicious sites. It later discovered that the cause was an unauthorized third party that had gained access to servers hosted in its cPanel environment.
The attackers “installed malware that intermittently redirected customer websites,” the company said.
According to GoDaddy, the ultimate goal of the intrusion is to “infect websites and servers with malware to conduct phishing campaigns, malware distribution, and other malicious activities.”
In a related 10-K filing with the U.S. Securities and Exchange Commission (SEC), the company said the December 2022 incident was related to two other security events that occurred in March 2020 and November 2021.
The 2020 breach compromised the hosting login credentials of approximately 28,000 hosting customers and a handful of employees.
Then in 2021, GoDaddy discovered that unauthorized actors used compromised passwords to access the provisioning system in its legacy code base for Managed WordPress (MWP), affecting nearly 1.2 million active and inactive MWP customers across multiple GoDaddy brands.