News, 21.02.2023, 08:30 AM
GoDaddy, the world’s largest domain registrar and web hosting company, said unidentified attackers stole source code and installed malware on its servers thanks to years of access to the company’s network.
They were hacked by GoDaddy after an investigation launched in early December 2022 following complaints from users that their websites were being used to redirect to random domains. The company found that at least three security incidents from 2020 to 2022 could be attributed to the same group.
“Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated group of threat actors that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy,” the company stated in the report which it submitted to the US Securities and Exchange Commission (SEC).
GoDaddy says the same attackers carried out the attack in 2021 when they accessed the email addresses of 1.2 million Managed WordPress users after hacking GoDaddy’s hosting environment using a compromised password.
The same unidentified group is also suspected of being behind an attack in 2020 when hackers compromised the login credentials of around 28,000 customers and several company employees.
In the latest attack, hackers occasionally installed malware and redirected users to seemingly random websites. GoDaddy claims that the issue has been resolved and that they have implemented security measures to prevent further attacks.
“We have evidence, and police have confirmed, that this incident was carried out by a sophisticated and organized group targeting hosting services such as GoDaddy,” the company said in a statement.
GoDaddy believes that hackers target hosting services to infect websites and servers with malware that can later be used in phishing campaigns, to distribute malware or other malicious activities.
GoDaddy has approximately 1.5 million users and generates over $4 billion in revenue.
Cover photo: Pixabay