GoDaddy, one of the world’s largest domain registrars, said in a filing this week that it fell victim to a two-year security breach that saw unknown attackers steal customer and employee login details and seize company source code.
In the Securities and Exchange Commission filing, the company said the attackers also installed malware that redirected customer websites to malicious sites. The attackers were allegedly responsible for three security breaches, the first beginning in 2020 and the last happening in 2022.
GoDaddy, which has over 20 million customers, said its investigations into the breaches were ongoing and that it so far believes the incidents “are part of a multi-year campaign by a sophisticated threat actor group.”
The company said in the filing that the group “installed malware on our systems and obtained pieces of code related to some services within GoDaddy … among other things.”
As Ars Technica notes, the most recent malware event happened in December 2022, when the threat actors reportedly gained access to the hosting servers that GoDaddy customers use to manage websites that the company hosts, and installed malware on them. That malware, GoDaddy said, “intermittently redirected random customer websites to malicious sites.”
In a statement posted Thursday, officials from GoDaddy said that the threat actors’ goal is to “infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities.”
Back in March 2020, the group obtained login credentials that gave it access to a “small number” of employee accounts, as well as the hosting accounts of around 28,000