GoDaddy Reports Multi-Year Security Breach Resulting in Malware Installations and Source Code Theft
On Friday, web hosting service provider GoDaddy revealed that it had experienced a security breach over several years. During the breach, unidentified cybercriminals were able to infiltrate the company's servers and install malware, as well as siphon off source code related to some of its services.
The company attributed the attack to a "sophisticated and organized group targeting hosting services." In December 2022, GoDaddy received several complaints from customers that their websites were intermittently redirecting to malicious sites. Upon investigation, the company discovered that an unauthorized third party had gained access to servers hosted in its cPanel environment.
The cybercriminals installed malware that caused the sporadic redirection of customer websites, with the ultimate aim of infecting websites and servers with malware for phishing campaigns and other malicious activities.
In a related filing with the U.S. Securities and Exchange Commission (SEC), GoDaddy disclosed that the December 2022 incident was connected to two other security events it experienced in March 2020 and November 2021.
The 2020 breach involved the compromise of login credentials for approximately 28,000 hosting customers and a small number of staff members. Meanwhile, in 2021, a rogue actor used a compromised password to access a provisioning system in GoDaddy's legacy code base for Managed WordPress (MWP). This incident affected nearly 1.2 million active and inactive MWP customers across various GoDaddy brands.