Share this story
GoDaddy said on Friday that its network suffered a multi-year security compromise that allowed unknown attackers to steal company source code, customer and employee login credentials, and install malware that redirected customer websites to malicious sites.
GoDaddy is one of the world’s largest domain registrars, with nearly 21 million customers and revenue in 2022 of almost $4 billion. In a filing Thursday with the Securities and Exchange Commission, the company said that three serious security events starting in 2020 and lasting through 2022 were carried out by the same intruder.
“Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy,” the company stated. The filing said the company’s investigation is ongoing.
The most recent event occurred last December when the threat actor gained access to the cPanel hosting servers customers use to manage websites hosted by GoDaddy. The threat actor then installed malware on the servers that “intermittently redirected random customer websites to malicious sites.”
“We have evidence, and law enforcement has confirmed, that this incident was carried out by a sophisticated and organized group targeting hosting services like GoDaddy,” company officials wrote in a separate statement published on Thursday. “According to information we have received, their