GoDaddy says servers were attacked by hackers that stole code and installed malware
Website hosting company acknowledged attack in filings with the SEC last week
GoDaddy website servers are some of the latest to fall victim to fall victim to hackers seeking to install malware and cause intermittent redirections on customer website.
The website hosting company shared the news in its 10-K filing with the Securities and Exchange Commission last week, explaining a "sophisticated threat actor" conducted the hacking campaign for two years.
GoDaddy officials said in the filing, "In March 2020, we discovered a threat actor compromised the hosting login credentials of approximately 28,000 hosting customers to their hosting accounts, as well as the login credentials of a small number of our personnel."
FTX SAYS HACKERS STOLE $415M AFTER CRYPTOCURRENCY EXCHANGE FILED FOR BANKRUPTCY
The hosting credentials, the company said, did not provide access to the customers' main GoDaddy account.
GoDaddy said the customers that were affected were notified and the activities was reported to the regulatory authorities, though the resolution and outcome of the matter were uncertain.
Another incident occurred in November 2021, when an unauthorized third party accessed the legacy code base for Managed WordPress, or WMP, affecting 1.2 million active and inactive MWP customers using GoDaddy.
HACKER WHO BREACHED FAST COMPANY BRAGS ‘ANYONE COULD HAVE DONE IT’
Then in December 2022, an unauthorized third party accessed the cPanel hosting servers and installed malware that intermittently redirected random customer websites to malicious websites.
"We continue to investigate the root cause of the incident," GoDaddy said in the filing. "Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy."
In a separate statement made by GoDaddy on Feb. 16, the company said once the discovery was made that a third party gained access to the company’s servers, it remediated the situation and put security measures in place to prevent such infections from happening again.
GET FOX BUSINESS ON THE GO BY CLICKING HERE
"We have evidence, and law enforcement has confirmed, that this incident was carried out by a sophisticated and organized group targeting hosting services like GoDaddy," the company said. "According to information we have received, their apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution and other malicious activities. As we continue to monitor their behavior and block attempts from this criminal organization, we are actively collecting evidence and information regarding their tactics and techniques to help law enforcement."