After web hosting firm GoDaddy revealed a multi-year breach resulting in stolen source code and malware that triggered some customers’ websites to redirect visitors to malicious URLs, questions are being raised about the lasting impact of the breach and the slow rollout of details to customers.
Specific revelations of the attack were made public on Thursday via a GoDaddy 10-K filing with the U.S. Securities and Exchange Commission (SEC). The SEC filings were in response to Federal Trade Commission subpoenas tied to the incidents, first made public in May 2020. At the time, GoDaddy did not detail the extent of the breach.
The GoDaddy disclosure last week also did not include technical details for the breaches or indicators of compromise that could be used by customers to fend off attacks or determine if they were impacted.
A post-breach analysis of the incident by GoDaddy indicated three significant attacks by one intruder.
GoDaddy breach rewind
In one, in December 2022, GoDaddy reported for the first time, a sophisticated threat actor gained access to its cPanel hosting servers, then installed malware that “intermittently redirected random customer websites to malicious sites.”
On Feb. 16, GoDaddy said in a separate statement: “Once we confirmed the intrusion, we remediated the situation and implemented security measures in an effort to prevent future infections.”
Last week’s disclosure of three separate attacks was the first time the company revealed the December 2022 breach and also the first time it linked the three attacks together.