GoDaddy, one of the world's largest web hosting companies, revealed that it had suffered a major security breach in which hackers gained access to its network for several years. The attackers were able to steal the company's source code and install malware on its servers, which posed a significant threat to its more than 20 million customers worldwide.
The breach came to light in December 2022, after several GoDaddy customers reported that their sites were being used to redirect visitors to random domains. The company's internal investigation revealed that the attackers had gained access to its cPanel shared hosting environment, where they had been able to infiltrate its systems and remain undetected for a long time. The hackers had been able to operate under the radar, thanks to their sophisticated techniques and extensive knowledge of GoDaddy's systems and processes.
According to GoDaddy, this incident is part of a broader multi-year campaign by a highly sophisticated threat actor group that has targeted other hosting companies worldwide. The company believes that previous breaches in 2021 and 2020 are also linked to this same campaign. In the 2021 incident, hackers breached GoDaddy's WordPress hosting environment using a compromised password, resulting in a data breach that affected 1.2 million Managed WordPress customers. The hackers were able to access the email addresses of all impacted customers, along with their WordPress Admin passwords, sFTP and database credentials, and SSL private keys of a subset of active clients.
In the 2020 breach, GoDaddy notified 28,000 customers that an attacker had used their web hosting account credentials to connect to their hosting account via SSH in October of that year. This breach did not result in any data being stolen, but it highlighted the risks posed by weak passwords and the importance of good password management practices.
In the wake of the 2022 breach, GoDaddy is working with external cybersecurity forensics experts and law enforcement agencies worldwide to investigate the root cause of the attack. The company has assured its customers that it is taking all necessary steps to secure its systems and prevent future breaches.
It is clear that this attack was carried out by a highly sophisticated and organized group that has targeted hosting services like GoDaddy for years. The attackers' apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities. This news highlights the growing threat of cyberattacks and the importance of robust cybersecurity measures for all businesses, especially those that handle sensitive customer data.