GoDaddy Discloses Data Breach Spanning Multiple Years

GoDaddy, a major provider of web hosting services, claims that a multi-year attack on its cPanel shared hosting environment resulted in a breach where unidentified attackers stole source code and installed malware on its servers.

While the attackers had access to the company’s network for a number of years, GoDaddy only learned about the security breach after receiving customer complaints in early December 2022 that their sites were being exploited to reroute to arbitrary domains.

GoDaddy Speaks on the Breach

Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy,

GoDaddy (Source)

According to BleepingComputer, the web hosting company believes that previous breaches disclosed in November 2021 and March 2020 are also linked to this campaign.

The threat actors gained access to the customers’ email addresses, their WordPress Admin password, sFTP and database credentials, and SSL private keys of a subset of active clients.

Investigations Are Undergoing

GoDaddy is working with law enforcement agencies and external cybersecurity experts worldwide to get to the root of the breach.

The web hosting company also declared that it found evidence linking the threat actors to a broader campaign. The campaign is said to have been impacting hosting companies worldwide over the years.

On February 16th, the company released a statement, reading:

We have evidence, and law enforcement has confirmed, that this incident was carried out by a sophisticated and organized group targeting hosting services like GoDaddy… According to information we have received, their apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities.

GoDaddy Statement on the Breach (Source)

BleepingComputer reached out to GoDaddy for additional information on the situation but has yet to receive an answer.

GoDaddy provides hosting services to over 20 million customers and is one of the largest domain registrars worldwide.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube for more cybersecurity news and topics.

图片[1]|GoDaddy Discloses Data Breach Spanning Multiple Years|黑客技术网图片[2]|GoDaddy Discloses Data Breach Spanning Multiple Years|黑客技术网If you liked this post, you will enjoy our newsletter.Get cybersecurity updates you\’ll actually want to read directly in your inbox.

Source: /sraey-elpitlum-gninnaps-hcaerb-atad-sesolcsid-yddadog/golb/moc.ytirucesladmieh

© 版权声明
点赞6 分享
评论 抢沙发