According to GoDaddy, a “sophisticated” hacking group has hijacked customer accounts

GoDaddy, one of the world’s largest domain registrars, said in a filing this week that it fell victim to a two-year security breach in which unknown attackers stole customer and employee login credentials and seized the company’s source code.

In the filing with the Securities and Exchange Commission, the company said the attackers also installed malware that redirected customer websites to malicious sites. The attackers were allegedly responsible for three security breaches, the first starting in 2020 and the last in 2022.

GoDaddy, which has over 20 million customers, said its investigations into the breaches are ongoing and that so far they believe the incidents are “part of a multi-year campaign by a sophisticated group of threat actors.”

The company said in the filing that the group “installed malware on our systems and received snippets of code related to some services within GoDaddy…among other things.”

As Ars Technica notes, the most recent malware event happened in December 2022, when the threat actors reportedly gained access to the hosting servers that GoDaddy customers use to manage websites hosted by the company and installed malware on them. This malware, according to GoDaddy, “intermittently redirected random customer websites to malicious sites.”

In a statement on Thursday, GoDaddy officials said the threat actors’ goal is to “infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities.”


As early as March 2020, the group obtained credentials that enabled it to access a “small number” of employee accounts, as well as the hosting accounts of around 28,000 customers. The customers, who did not have any of their main GoDaddy accounts breached, were notified in May 2020.

A third breach in November 2021 gave the group access to the source code for GoDaddy’s Managed WordPress service, which the company uses to build and manage its customers’ websites that use WordPress.
