
GoDaddy said Friday that its network suffered a years-long security breach after unknown attackers stole the company’s source code, customer and employee login credentials, and redirected customers’ websites to malicious sites. You said you were able to install malware.
GoDaddy is one of the world’s largest domain registrars, with approximately 21 million customers and 2022 revenues of approximately $4 billion. In filings with the Securities and Exchange Commission on Thursday, the company said his three major security events, spanning from 2020 to 2022, were carried out by the same intruder.
“Based on our research, these incidents were part of a multi-year campaign by a group of advanced threat actors to install malware on our systems and to compromise some services within GoDaddy, among other things. We believe we have obtained a code to do so,” the company said. said. The filing said an investigation into the company is ongoing.
The most recent event occurred last December, when the attackers gained access to cPanel hosting servers that customers use to host websites hosted by GoDaddy. The attacker then installed malware on the server and “intermittently redirected her website of random customers to a malicious site.”
In a separate statement released Thursday, a company official said, “There is evidence that this incident was carried out by a highly organized group targeting hosting services like GoDaddy, and law enforcement agencies I have also confirmed,” he said. “According to the information we have received, their apparent goal is to infect websites and servers with malware to conduct phishing campaigns, malware distribution, and other malicious activities.”
In another event in March 2020, the attackers obtained login credentials that allowed access to a “small number” of employee accounts and approximately 28,000 customer hosting accounts. The hosting login credentials did not allow access to the customer’s main girlfriend’s GoDaddy account. The breach was revealed in a notice sent to affected customers in May 2020. The company said Thursday that the Federal Trade Commission is responding to subpoenas related to the incidents he issued in July 2020 and he issued in October 2021.
GoDaddy discovered another incident in November 2021 in which a threat actor obtained a password that allowed access to the source code of GoDaddy’s Managed WordPress service, which uses a WordPress content management system to streamline the creation and management of customer sites. Did. Since her September of that year, unauthorized third parties have used access to access the WordPress administrator accounts, FTP accounts, and email addresses of her 1.2 million current and inactive managed WordPress customers. I have obtained the login credentials for . GoDaddy disclosed the breach on November 22, 2021.
Over the years, security lapses and vulnerabilities have resulted in a series of questionable events involving the vast number of sites hosted by GoDaddy. For example, in 2019, a misconfiguration of GoDaddy’s domain name system services led to hackers hijacking a number of his websites owned by his Expedia, Yelp, Mozilla, etc., and using them to destroy buildings and I was able to release a ransom note threatening to blow up the school. A vulnerability in DNS exploited by hackers came to light three years ago.
Also in 2019, research campaigns using hundreds of compromised GoDaddy customer accounts to create 15,000 websites and publish spam promoting weight loss products and other products promising miraculous results person discovered.