Hackers Have Stolen GoDaddy's Source Code

GoDaddy, a leading web hosting company with 21 million users worldwide and many small businesses, has revealed a group have gained access to its servers and installed malware. Part of the stolen data included employees’ and customers’ login credentials and the flaw allowed attackers to install malware, which would redirect customers’ websites to malicious domains. According to reports, unidentified hackers stole the company’s source code.

GoDaddy said that the attack was executed by a 'sophisticated group' that was targeting various hosting services to infect websites and servers with malware. US law enforcement agencies have also confirmed that a security breach occurred, performed by an organised hacking group.

“In early December 2022, we started receiving a small number of customer complaints about their websites being intermittently redirected,” the company wrote in a blog... Upon receiving these complaints, we investigated and found that the intermittent redirects were happening on seemingly random websites hosted on our cPanel shared hosting servers and were not easily reproducible by GoDaddy, even on the same website.”

In a filing with the Securities and Exchange Commission (SEC), GoDaddy revealed that since 2020 it has suffered three serious security breaches.

The most recent attack resulted in a short outage in which customer websites were redirected. "Once we confirmed the intrusion, we remediated the situation and implemented security measures in an effort to prevent future infections.” GoDaddy said in statement.

Coincident with the attack, GoDaddy says that it received various customer complaints regarding their websites being intermittently redirected. This led the web hosting company to identify the intrusion and to implement security measures to prevent future issues.

The hackers used known compromised credentials to access the system, according to GoDaddy. Hosting companies l have a particularly high profile and make an attractive target for attackers, offering an  aggregation effect as they host a lot of web infrastructure, consequently, hacking one target offers the potential to extort many customers.

GoDaddy:      SEC:     TEISS:     Oodaloop:    Infosecurty Magazine:    HackRead:    Bleeping Computer: 

You Might Also Read: 

Cyber Criminals' Earnings Fall As More Ransom Victims Refuse Payment:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Artificial Intelligence Today - How AI Works
Calculating The Ransom Demand On The Victim’s Insurance »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

RSA Security

RSA Security

RSA provide cybersecurity products for Threat Detection and Response, Identity and Access Management, Governance, Risk and Compliance, and Fraud Prevention.

GrammaTech

GrammaTech

GrammaTech is a leading developer of software-assurance tools and advanced cyber-security solutions.

JLT Specialty

JLT Specialty

JLT Specialty is a leading specialist insurance broker. Services offered include Cyber Risks insurance.

International Association for Cryptologic Research (IACR)

International Association for Cryptologic Research (IACR)

(IACR is a non-profit scientific organization whose purpose is to further research in cryptology and related fields.

Sopra Steria

Sopra Steria

Sopra Steria is a leading European information technology consultancy.

Guy Carpenter

Guy Carpenter

Guy Carpenter delivers a powerful combination of broking expertise, strategic advisory services, and industry-leading analytics.

Adlink Technology

Adlink Technology

ADLINK is a leading provider of embedded computing products and services for applications including IoT and industrial automation.

ARCON

ARCON

ARCON offers a proprietary unified governance framework, which addresses risk across various technology platforms.

FoxTech

FoxTech

FoxTech is an independent, friendly and deeply specialised cyber security company in the UK, with expertise spanning decades of Public Sector and Government services.

Seccuri

Seccuri

Seccuri is a unique global cybersecurity talent tech platform. Use our specialized AI algorithm to grow and improve the cybersecurity workforce.

RiskOptics

RiskOptics

RiskOptics (formerly Reciprocity) equips organizations with one of the most intuitive and powerful information security and cyber risk management solutions in the market.

Menaya

Menaya

Menaya provide Ethical Hackers for leading companies while also providing cyber security solutions to help major infrastructures protect against cyber crime.

European Union Agency for Network and Information Security (ENISA)

European Union Agency for Network and Information Security (ENISA)

The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe.

ANY.RUN

ANY.RUN

ANY.RUN is an interactive online malware analysis service created for dynamic as well as static research of multiple types of cyber threats.

Amtivo Ireland

Amtivo Ireland

Amtivo Ireland (formerly Certification Europe and EQA) offers a range of certifications and related services.

True North Solutions

True North Solutions

True North Solutions provides a wide range of fully customized, vendor-neutral industrial engineering and OT automation solutions to companies across North America and around the world.