GoDaddy is a popular web hosting company with millions of customers worldwide. Users are alarmed to find that attackers stole the company’s source code.
The hosting giant found the security breach in early December 2022 after it received
customer reports. From there, it carried out a comprehensive investigation. GoDaddy
disclosed that its sites are being redirected to random domains.
Security experts do not know who was behind the attack. No one has claimed responsibility. What they do know is they are a sophisticated group after successfully installing malware into GoDaddy systems. The attackers also got parts of the services’ source code.
Investigations showed that the attackers had access to the company network. And they had it for years.
Multi-Year Hacking Campaign
GoDaddy believes the attack is part of a campaign. They had other hacks in the past. The
techniques show it is part of the same campaign.
A data breach in November 2021 affected more than 1 million customers. The attack focused on Managed WordPress service. The attackers used a compromised password to get into the hosting environment. It exposed customer data like emails and passwords.
The company had another breach in March 2020. Attackers gained access to more than
28,000 user accounts. They used this to connect to their hosting.
Evidence shows that the attack is part of a bigger campaign. Cybercriminals are targeting
web hosting companies.
Why Attackers Target GoDaddy
Cybercriminals target companies handling valuable information. GoDaddy has access to a lot of that. It offers hosting services to more than 20 million customers worldwide. To criminals, that means 20 million data sets. Those customers have customers as well, possibly compounding the exposed data.
GoDaddy Response
GoDaddy is continuing to investigate the incident, according to its official blog. It has
uncovered what the criminals did and how they did it.
The company has begun working with forensic experts to find more information. Law
enforcement is helping with the investigation. The goal is to find the attackers before they do more damage.
Right now, the company is focusing on three things:
- Blocking further breaches by the attackers.
- Monitoring the situation.
- Gathering more evidence.
All the information is being filed and shared. It helps in fighting against attackers and
potential cyber threats. It takes a village to protect data.
Conclusion & What It Means for You
GoDaddy’s security breach has far-reaching consequences, including for business owners. If you use GoDaddy, your business’s information may have been exposed. If you use another service, the incident still highlights the risk you face. Every business owner should see this incident as a reminder of how important it is to have cybersecurity measures in place to protect both you and your customers. As GoDaddy found out, your business’s information is not the only data risk – you also have a responsibility to protect your customers’ data.
