GoDaddy announced to its users that it experienced a multi-year security breach that led to the loss of data in its possession. According to the company's report, the breach gave the attackers access to the company's source code. This allowed them to install redirection malware and steal customer and employee login credentials.
The hosting company said in its press release that it started receiving complaints about abnormal behavior in December last year. "In early December 2022, we started receiving a small number of customer complaints about their websites being intermittently redirected. Upon receiving these complaints, we investigated and found that the intermittent redirects were happening on seemingly random websites hosted on our cPanel shared hosting servers and were not easily reproducible by GoDaddy, even on the same website," GoDaddy recalled.
GoDaddy is one of the world's largest domain registrars, with over 20 million customers. It is a multi-billion dollar company that generated about $4 billion in 2022 alone. According to a filing it submitted to the Securities and Exchange Commission, the issue ran from 2020 to 2022. Apparently, the hackers had been stealing customer credentials for a long period without being noticed.
"Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy," the company said in its SEC filing on the 2022 breach.
GoDaddy has released a statement saying it has contacted security services that will help it identify the perpetrators. "We are working with multiple law enforcement agencies around the world, in addition to forensics experts, to further investigate the issue. We have evidence, and law enforcement has confirmed, that this incident was carried out by a sophisticated and organized group targeting hosting services like GoDaddy. According to information we have received, their apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution and other malicious activities," GoDaddy said.
The Past Security Breach in 2020
According to the company's report, the GoDaddy breach in 2022 wasn't the only one it suffered. A similar security breach happened in 2020, and the company issued a statement about it. A series of attacks that happened between late 2019 and 2020 led to the hack of many websites, such as Mozilla and Yelp. When these attacks happened, the hackers used these websites to publish notes that said they would blow up school buildings.
When the attack happened in 2020, the credentials of GoDaddy users and employees were stolen. GoDaddy issued a statement at the time, saying it was doing everything to secure its customers. But another attack occurred in 2021, when GoDaddy reported another source code breach.
They issued a statement after this attack in 2021, saying, "on November 17, 2021, we discovered unauthorized third-party access to our Managed WordPress hosting environment."
"We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down," GoDaddy added.