GoDaddy, one of the world’s largest hosting providers and domain name registrars, reports that hackers have compromised the company’s infrastructure. Worse, the company concluded that this was just one in a series of related incidents. It turns out that unknown attackers had access to the company’s systems for several years, were able to install malware on its servers, and stole source code.
We also previously reported that the hack of the hosting provider Epik affected 15 million users, not just the company’s clients, and that Fosshost, an open-source project hosting provider, is closing down after its leader disappeared.
According to a report filed by the company with the U.S. Securities and Exchange Commission, the security breach was discovered in December 2022, when customers began reporting that their sites were being used to redirect visitors to random domains. After conducting an investigation, GoDaddy experts came to disappointing conclusions:
It turned out that in December 2022, an attacker gained access to cPanel hosting servers, which customers use to manage sites hosted by GoDaddy. Then the hackers installed some kind of malware on the servers, and the malware “periodically redirected random client sites to malicious ones.”
In addition, the company reports that incidents dated November 2021 and March 2020 have also been linked to these attackers.
Recall that in 2021 a strange compromise of 1.2 million WordPress sites came to light. All affected resources were hosted by GoDaddy, and the company then stated that there had been a hack and a data leak: the attackers gained access to the email addresses of all affected clients, their WordPress administrator passwords, sFTP and database credentials, and private SSL keys.
In 2020, GoDaddy notified 28,000 customers that in October 2019 attackers had used the customers’ credentials to log in to their hosting accounts and connect to them via SSH.
Now, GoDaddy says it has found additional evidence linking these attackers to a larger malware campaign that has been going on for years against other hosting companies around the world.
GoDaddy is known to have engaged third-party security experts in the ongoing investigation and is also working with law enforcement around the world to uncover the source of these years-long attacks.