GoDaddy discovered a multi-year security breach in its servers

February 20, 2023

GoDaddy, a leading web hosting platform, disclosed a security breach in which unidentified threat actors stole its source code and injected malware into its servers. The web hosting platform said that the attackers breached its cPanel shared hosting environment, which led to the incident.

Furthermore, the breach had been ongoing for multiple years before it was discovered in December 2022, when customers started reporting that their sites were being redirected to random domains.

GoDaddy revealed that the security breaches it disclosed in March 2020 and November 2021 were connected to the new incident.

In March 2020, the web hosting platform notified over 28,000 clients about a breach involving hackers using web-hosting account credentials to connect a malicious hosting account through SSH.

Subsequently, the November 2021 GoDaddy hack affected approximately 1.2 million customers of its Managed WordPress platform, stemming from hackers infiltrating a hosting environment via a compromised password.

In this incident, the attackers obtained customers’ email addresses, WordPress admin passwords, SSL private keys of a subset of active clients, and sFTP and database credentials.

The hosting giant is now investigating the recent security incident and has teamed up with security experts and law enforcement agencies to help them gather information about its scope.

According to the company’s statement released on February 16, it has found additional evidence that cybercriminal groups have been targeting many web hosting companies worldwide as part of a broad cyberattack campaign.

GoDaddy said it suspects that a sophisticated and organised group of attackers is targeting web hosting platforms like its own. By the company’s account, the attackers’ presumed goal is to infect domains and servers with malware that would aid them in phishing campaigns, fraud, or other cybercriminal activities.

Phishing actors commonly use compromised websites for large-scale cybercriminal activity. As GoDaddy is one of the most popular web-hosting platforms worldwide, its reports of security breaches over the years have concerned cybersecurity experts.

There is currently no further comment from the web-hosting giant concerning this issue.
