GoDaddy: Hackers stole source code, installed malware in multi-year breach
Started by DeadMan


Web hosting giant GoDaddy says it suffered a breach where unknown attackers have stolen source code and installed malware on its servers after breaching its cPanel shared hosting environment in a multi-year attack.

While GoDaddy discovered the security breach in early December 2022 following customer reports that their sites were being used to redirect to random domains, the attackers had access to the company's network for multiple years.

"Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy," the hosting firm said in an SEC filing.

The company says that previous breaches disclosed in November 2021 and March 2020 are also linked to this multi-year campaign.

The November 2021 incident led to a data breach affecting 1.2 million Managed WordPress customers after attackers breached GoDaddy's WordPress hosting environment using a compromised password.

They gained access to the email addresses of all impacted customers, their WordPress Admin passwords, sFTP and database credentials, and SSL private keys of a subset of active clients.

After the March 2020 breach, GoDaddy alerted 28,000 customers that an attacker used their web hosting account credentials in October 2019 to connect to their hosting account via SSH.

GoDaddy is now working with external cybersecurity forensics experts and law enforcement agencies worldwide as part of an ongoing investigation into the root cause of the breach.

Links to attacks targeting other hosting companies

GoDaddy says it also found additional evidence linking the threat actors to a broader campaign targeting other hosting companies worldwide over the years.

"We have evidence, and law enforcement has confirmed, that this incident was carried out by a sophisticated and organized group targeting hosting services like GoDaddy," the hosting company said in a statement.

"According to information we have received, their apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution and other malicious activities."

GoDaddy is one of the largest domain registrars, and it also provides hosting services to over 20 million customers worldwide.



Source: Bleeping Computer

Re: GoDaddy: Hackers stole source code, installed malware in multi-year breach

Reply #1

I read that earlier today... there are advantages to using relatively obscure hosting services and building your own platform "à la carte", i.e. Forum platform by ElkArte, for example, instead of your host's turn-key platform... keeps the key-count down.
FWIW, GoDaddy has significantly raised their prices for both Hosting and DNS registration services in the past year. Maybe dealing with these breaches has become an expensive activity...
There's much to be said about "Security through obscurity"

// Deep inside every dilemma lies a solution that involves explosives //



Re: GoDaddy: Hackers stole source code, installed malware in multi-year breach

Reply #4


I wasn't unaware that you'd be getting a subtle plug with my reply in the process.  (I also have hosted domains although I don't advertise that, for reasons that I'll explain in part ..)


The brighter your light, the more bugs you attract..

...and as a link on that page indicates, there are lots of "bugs" out there that are difficult to swat and take a long time to do so.  And that's just one genus of bug.
There are entirely different expectations for domain registrars vs. domain hosts, and doing both blurs the demarcation both in the minds of the lay community and the service provider itself, never mind that there's a major unresolved legal controversy surrounding hosting/publication definitions, not only in the US  but almost every 'political' jurisdiction on the planet. You're damned if you do and damned if you don't in many aspects of your operations. I've been hosting for 30 years, and so far I've managed to avoid having anyone write a wiki page listing all my "misdoings"  :cool:

BTW, there's an acquaintance of mine from 50 years ago, a guy named Don Lancaster who wrote a number of technical 'how to' books (such as the CMOS Cookbook), who also wrote a very insightful guide called "The Incredible Secret Money Machine" that pretty much embodied the philosophy of lots of little is much better than one very big if you want to have a happy sustainable life. I wouldn't want to be GoDaddy.

// Deep inside every dilemma lies a solution that involves explosives //

Re: GoDaddy: Hackers stole source code, installed malware in multi-year breach

Reply #5

Can't say I miss the days when I used shared hosting  :shocked:  That is some breach !