GoDaddy confirms multiple data breaches in the last three years
US-based web hosting provider GoDaddy has confirmed, in a regulatory filing to the US Securities and Exchange Commission (SEC), that the company suffered multiple data breaches in the last three years.
The first such incident happened in March 2020, when 28,000 customers were alerted that an attacker had used their web hosting account credentials to connect to their hosting account.
In November 2021, GoDaddy’s Managed WordPress hosting environment was breached, leading to a data breach that affected 1.2 million customers. The attackers gained access to sensitive information such as email addresses, passwords, and private keys for SSL, the encryption-based Internet security protocol.
Later, in December 2022, hackers went a step further, stealing source code and installing malware on GoDaddy's servers after breaching its cPanel shared hosting environment, according to a report on Bleeping Computer. This enabled bad actors to divert the company's clients to compromised websites and steal their credential data.
“Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy,” the company stated in the SEC filing.
GoDaddy is currently working with external cybersecurity forensics experts and law enforcement agencies worldwide to investigate the root cause of the breach. However, GoDaddy maintains that the cyber-attacks have not resulted in any material adverse impact on its business or operations.
It is not just GoDaddy: such hacking attempts have become a serious threat to all technology companies offering similar website domain and hosting services. Law enforcement agencies around the world are aware of the malicious campaigns carried out by organised hacker groups, the company noted in a separate statement to the media.
On February 5, a Reddit employee’s credentials were stolen in a targeted phishing attack, and hackers were able to infiltrate its systems, an administrator for the website has revealed.
According to the information available to GoDaddy, the primary goal of cyber criminals is to infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities.
According to a report on GoDaddy’s blog in August 2022, the company caters to 1.3 million customers in India, including small business owners, web professionals, freelancers, and resellers, to name a few.
CyberPeace, an organisation that addresses cyber security and the challenges of the digital age, has published an advisory for customers to take appropriate measures to protect their accounts and information. The company recommends that users enable multi-factor authentication (MFA) for their GoDaddy login, regularly back up their websites, and monitor any systems connected to their domains, such as email or databases, for any signs of unauthorised access or changes.