GoDaddy has revealed that cyber-criminals gained access to its systems, installed malware on its network and stolen parts of its source code in a multi-year intrusion.
The first incident of the kind occurred in March 2020, when GoDaddy officials said in the filing, “We discovered a threat actor compromised the hosting login credentials of approximately 28,000 hosting customers to their hosting accounts, as well as the login credentials of a small number of our personnel.”
Advertisement
Another incident occurred in November 2021, when an unauthorised third party accessed the legacy code base for Managed WordPress, or WMP, affecting 1.2 million active and inactive MWP customers using GoDaddy.
Then in December 2022, an unauthorised third party access to server hosted in its cPanel environment and installed malware that intermittently redirected random customer websites to malicious websites.
Recently, the company said it was working with multiple law enforcement agencies around the world, with forensics experts, to further investigate the matter.
“We have evidence, and law enforcement has confirmed, that this incident was carried out by a sophisticated and organised group targeting hosting services like GoDaddy,” the company said in a statement on Friday.
The company said, “Hackers goal was to infect websites and servers with malware for phishing campaigns, malware distribution and other malicious activities.”
GoDaddy revealed in a US Securities and Exchange Commission (SEC) filing that they believe hackers are the same who intruded in the website in March 2020.
Once the company confirmed the intrusion, they implemented security measures to prevent future intrusions.
“We are using lessons from this incident to enhance the security of our systems and further protect our customers and their data,” it said.
GoDaddy had warned users that this exposure can put users at greater risk of phishing attacks.