An unauthorised third party gained access to GoDaddy, a web host, domain registrar and website building platform, servers in its cPanel shared hosting environment and installed malware causing intermittent redirection of customer websites, the platform shared in a blog post.
The breach was first discovered in December 2022 after the platform investigated customer complaints about their sites being used to redirect to random domains.
The company claims that a sophisticated threat actor group, among other things, installed malware on its systems and obtained pieces of code related to some services in the Dec. 2022 attack.
The company also faced security events from 2020 to 2022, which it shared were carried out by the same attacker.
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
In March 2020, a threat actor compromised the hosting login credentials of approximately 28,000 hosting users to their hosting accounts as well as the login credentials of a small number of the company’s personnel. In November 2021, using a compromised password, an unauthorised third party accessed the provisioning system in the company’s legacy code which impacted up to 1.2 million active and inactive MWP customers across multiple GoDaddy brands, the company shared in a filing to the Securities and Exchange Commission (SEC).
“To date, these incidents as well as other cyber threats and attacks have not resulted in any material adverse impact to our business or operations”, the company shared.
In April 2022, research by Cybernews discovered hundreds of compromised WordPress sites running malicious phishing adverts, with GoDaddy being hit the worst with 42 infected websites.
GoDaddy currently has 1.5 million paying customers with $4 billion in revenues, according to its latest SEC filing.