GoDaddy Says Hackers Stole Source Code, Installed Malware in Multi-Year Breach

Web hosting giant GoDaddy says it suffered a breach where unknown attackers have stolen source code and installed malware on its servers after breaching its cPanel shared hosting environment in a multi-year attack. From a report: While GoDaddy discovered the security breach in early December 2022 following customer reports that their sites were being used to redirect to random domains, the attackers had access to the company's network for multiple years. "Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy," the hosting firm said in an SEC filing. The company says that previous breaches disclosed in November 2021 and March 2020 are also linked to this multi-year campaign. The November 2021 incident led to a data breach affecting 1.2 million Managed WordPress customers after attackers breached GoDaddy's WordPress hosting environment using a compromised password. They gained access to the email addresses of all impacted customers, their WordPress Admin passwords, sFTP and database credentials, and SSL private keys of a subset of active clients.

The domain for every phishing email I get is ...

[Fly Swatter]

Registered through GODADDY. Somehow I find it hard to care.

Re:

[Anonymous Coward]

.... attackers breached GoDaddy's WordPress hosting environment

WordPress and GoDaddy. LOL. Just need one more to hit the Trifecta of Stupidity.

Re:

[OtisSnerd]

> "WordPress and GoDaddy. LOL. Just need one more to hit the Trifecta of Stupidity."

It's mentioned in the first sentence, cPanel.

unknown attackers

[fahrbot-bot]

So... Who's your (Go)Daddy?

Access to company's network for multiple years?

[techvet]

While GoDaddy discovered the security breach following customer reports in early December 2022 that their sites were being used to redirect to random domains, the attackers had access to the company's network for multiple years. Doh!

Hey, Godaddy...

[gosso920]

Who's your daddy?

I tried...

[Jerry Rivers]

...GoDaddy once and only once. Literally minutes after I registered a domain I was phished by what appeared to be a Russian operation, which seemed to already know way too much about me. I tried to report it to GD support, but its support site was unavailable and nobody would answer the phone. I immediately cancelled my GD account and changed all my login credentials.
I'm not at all shocked that this is only being reported now. It seems pretty obvious that there was an insider at GD.

Bye Daddy, thanks for all the phish

[RitchCraft]

I just moved all of my domains over to Google. (4 of them) GoDaddy wanted me to renew my SSL for $200. Nope, and now this news, we're done.

Re:

[Voyager529]

I just moved all of my domains over to Google. (4 of them) GoDaddy wanted me to renew my SSL for $200. Nope, and now this news, we're done.

I've been super happy with Namecheap. The support is chat-only, but everyone I've talked to has been solid, I pay a pittance for the shared hosting I need, and SSL certs are $10 a pop for single-domain, one-year (they charge less/year for multi-year certs, and more for multi-domain/EV/wildcard certs).

The one thing Godaddy does better than Namecheap is DNS propagation; NC takes several minutes, usually, but GD takes seconds most times...that said, Namecheap swings above their weight class in terms of value a

Re:

[cascadingstylesheet]

I just moved all of my domains over to Google. (4 of them) GoDaddy wanted me to renew my SSL for $200. Nope, and now this news, we're done.

Keep your domains on GoDaddy, if you want. (Though why, when, say, ENOM exists?)

But host on SiteGround or someone like that.

Re:

[RitchCraft]

Woke up this morning and those GoDaddy dickheads charged my card for the $200 SSL even after I moved the domains. I had to spend 1/2 hour on the phone getting the charges reversed. I turned all auto-pay off before the move. Dirty thieves.

My old provider was acquired by GoDaddy...

[tlhIngan]

I used to use WebFaction, but then their parent company got acquired by GoDaddy and then they basically said they were shutting down WF and we were to transition to regular GoDaddy accounts.

Of course, I used WF for its basically full featured shell account, so switching to their regular hosting was not something I wanted to do.

Turned out there was a new hosting provider called OpalStack that was created by a bunch of ex-WF admins so I hopped over and have never been happier. They've given me very few problems the past few years.

Glad I ditched GoDaddy when I did.

Surprise?

[skogs]

I don't think anybody is surprised by this, nor is anybody surprised by how long (multiple years) it took them to finally figure it out.

cPanel, GoDaddy, and Wordpress ....

Is there another 3 organizations out there that work together which combined have less respect?
In america I can only think of a couple political parties... :)

Internet Security & Privacy are a myth in the

[Hey_Jude_Jesus]

Century. How many more times will the users of the Internet be ripped off by insecure Internet systems.

GoDaddy is cancer

[piojo]

GoDaddy is in the news at least one a year, always for some pretty bad thing. They are deplorable. So this incident is a surprise but it doesn't change my opinion of them.

Ah yes, GoDaddy hosting ...

[cascadingstylesheet]

... as someone in the web development field, I have to say that why anyone would use GoDaddy hosting, when other hosting, like, even exists, is beyond me.

GoDaddy hosting is something you try. Once.

Cancellors

[groobly]

GoDaddy deplatformed people for political views a while back. Not a reliable partner.

Meh

[XeLiTuS]

Couldnâ(TM)t have happened to a better company. GD is terrible.

Seems a big mouth does not indicate skill

[gweihir]

I mean, "multi-year"? These people seem to not notice at all what is going on in their network....