GoDaddy Discloses Multi-Year Security Breach That Resulted In Malware Installs, Source Code Theft

(The AEGIS Alliance) – GoDaddy, which provides web hosting services, has recently announced a security breach that took place over several years, resulting in malware installation and the theft of source code related to some of its services by unknown actors. The company believes the attack was carried out by a highly sophisticated and organized group that specifically targeted hosting services.

In December 2022, a number of GoDaddy’s customers reported that their websites were being redirected to malicious sites intermittently. GoDaddy subsequently found that an unauthorized third party had gained access to servers hosted in its cPanel environment and had installed malware that caused the redirection of customer websites. The objective of the attacks, according to GoDaddy, was to infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities.

In a 10-K filing with the U.S. Securities and Exchange Commission (SEC), GoDaddy has disclosed that the December 2022 incident is linked to two other security events that it experienced in March 2020 and November 2021.

In 2020, the company had detected the compromise of the hosting login credentials of approximately 28,000 hosting customers and a small number of its staff.

In 2021, a rogue actor used a compromised password to gain entry into a provisioning system in the company’s legacy code base for Managed WordPress (MWP), affecting almost 1.2 million active and inactive MWP customers across various GoDaddy brands.

[esi random-aegis-post ttl="0"]

Jeffrey Childers – The AEGIS Alliance – This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

The AEGIS Newsletter sends out automatically after 12 articles are published. May also include occasional updates about our YouTube Channel. Signup Form:



Leave A Comment

  1. Years? They didn’t know for years? I can’t fathom that. Either they’ve been very lazy and not looking at the code, or they’re part of this.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

The AEGIS Newsletter sends out automatically after 12 articles are published. May also include occasional updates about our YouTube Channel. Signup Form:


All things AEGIS in one place: https://bit.ly/m/aegisalliance


Signup for The AEGIS Alliance Newsletter!
The newsletter sends out automatically after eight new posts are published. Newsletters may also contain occasional updates about what's new on our YouTube channel.
Submit
You can unsubscribe at any time!
close-link

Sharing is Caring!

Please share this post with your friends
close-link