Hackers Have Stolen GoDaddy's Source Code

Uploaded on 2023-02-28 in NEWS-Cybersecurity News, FREE TO VIEW

GoDaddy, a leading web hosting company with 21 million users worldwide and many small businesses, has revealed a group have gained access to its servers and installed malware. Part of the stolen data included employees’ and customers’ login credentials and the flaw allowed attackers to install malware, which would redirect customers’ websites to malicious domains. According to reports, unidentified hackers stole the company’s source code.

GoDaddy said that the attack was executed by a 'sophisticated group' that was targeting various hosting services to infect websites and servers with malware. US law enforcement agencies have also confirmed that a security breach occurred, performed by an organised hacking group.

“In early December 2022, we started receiving a small number of customer complaints about their websites being intermittently redirected,” the company wrote in a blog... Upon receiving these complaints, we investigated and found that the intermittent redirects were happening on seemingly random websites hosted on our cPanel shared hosting servers and were not easily reproducible by GoDaddy, even on the same website.”

In a filing with the Securities and Exchange Commission (SEC), GoDaddy revealed that since 2020 it has suffered three serious security breaches.

The most recent attack resulted in a short outage in which customer websites were redirected. "Once we confirmed the intrusion, we remediated the situation and implemented security measures in an effort to prevent future infections.” GoDaddy said in statement.

Coincident with the attack, GoDaddy says that it received various customer complaints regarding their websites being intermittently redirected. This led the web hosting company to identify the intrusion and to implement security measures to prevent future issues.

The hackers used known compromised credentials to access the system, according to GoDaddy. Hosting companies l have a particularly high profile and make an attractive target for attackers, offering an  aggregation effect as they host a lot of web infrastructure, consequently, hacking one target offers the potential to extort many customers.

GoDaddy:      SEC:     TEISS:     Oodaloop:    Infosecurty Magazine:    HackRead:    Bleeping Computer: 

You Might Also Read: 

Cyber Criminals' Earnings Fall As More Ransom Victims Refuse Payment:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Artificial Intelligence Today - How AI Works
Calculating The Ransom Demand On The Victim’s Insurance »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

rPeople Staffing

rPeople Staffing

rPeople provides direct placement in all areas of your organization, including and specializing in Technical and Executive hiring.

Atlantic Council

Atlantic Council

The Atlantic Council's Cyber Statecraft Initiative focuses on international cooperation, competition, and conflict in cyberspace.

IoT Security Foundation (IoTSF)

IoT Security Foundation (IoTSF)

IoTSF is a collaborative, non-profit organisation with a mission to raise the quality and drive pervasive security in the Internet of Things.

Sigma Payment Solutions

Sigma Payment Solutions

Sigma Payment Solutions offers a comprehensive suite of automated payment processing services, solutions, and technology to businesses in the USA.

European Network for Cyber Security (ENCS)

European Network for Cyber Security (ENCS)

ENCS’s core focus is around educating and solving cyber security challenges in the development and operation of energy grids across Europe.

Trulioo

Trulioo

Trulioo is a leading global identity and business verification company providing secure access to data sources worldwide to instantly verify consumers and businesses online.

CLDigital

CLDigital

CLDigital's no-code risk and resilience platform, CL360, provides leaders with risk and resilience data to make strategic and tactical continuity decisions.

SEPPmail

SEPPmail

SEPPmail is a patented e-mail encryption solution to secure your electronic communication.

Genians

Genians

Genians provides the industry’s leading Network Access Control (NAC) solution, which ensures full visibility of all IP-enabled devices regardless of whether they are wired, wireless, or virtual.

OCM Business Systems

OCM Business Systems

OCM are experts in the safe, secure and responsible disposal of IT & EPoS assets.

Creative Destruction Lab (CDL)

Creative Destruction Lab (CDL)

Creative Destruction Lab is a nonprofit organization that delivers an objectives-based program for massively scalable, seed-stage, science- and technology-based companies.

Secrutiny

Secrutiny

Scrutiny's core services include Cyber Maturity, Cyber Risk Analyser, Cyber Controls, Incident Response, SOC, Cyber Recovery and Assurance Testing.

VicOne

VicOne

With a vision to secure the vehicles of tomorrow, VicOne delivers a broad portfolio of cybersecurity software and services for the automotive industry.

Netcraft

Netcraft

Netcraft is a global leader in cybercrime detection and disruption, combining cutting-edge technology with decades of experience to protect organizations of all sizes from digital threats and attacks.

Barquin Solutions

Barquin Solutions

Barquin Solutions is a full-service information technology consulting firm focused on supporting U.S. federal government agencies and their partners.

Harmonic Security

Harmonic Security

Harmonic Security helps companies to adopt Generative AI without risking the security and privacy of their data.