Hackers Have Stolen GoDaddy's Source Code

Uploaded on 2023-02-28 in NEWS-Cybersecurity News, FREE TO VIEW

GoDaddy, a leading web hosting company with 21 million users worldwide and many small businesses, has revealed a group have gained access to its servers and installed malware. Part of the stolen data included employees’ and customers’ login credentials and the flaw allowed attackers to install malware, which would redirect customers’ websites to malicious domains. According to reports, unidentified hackers stole the company’s source code.

GoDaddy said that the attack was executed by a 'sophisticated group' that was targeting various hosting services to infect websites and servers with malware. US law enforcement agencies have also confirmed that a security breach occurred, performed by an organised hacking group.

“In early December 2022, we started receiving a small number of customer complaints about their websites being intermittently redirected,” the company wrote in a blog... Upon receiving these complaints, we investigated and found that the intermittent redirects were happening on seemingly random websites hosted on our cPanel shared hosting servers and were not easily reproducible by GoDaddy, even on the same website.”

In a filing with the Securities and Exchange Commission (SEC), GoDaddy revealed that since 2020 it has suffered three serious security breaches.

The most recent attack resulted in a short outage in which customer websites were redirected. "Once we confirmed the intrusion, we remediated the situation and implemented security measures in an effort to prevent future infections.” GoDaddy said in statement.

Coincident with the attack, GoDaddy says that it received various customer complaints regarding their websites being intermittently redirected. This led the web hosting company to identify the intrusion and to implement security measures to prevent future issues.

The hackers used known compromised credentials to access the system, according to GoDaddy. Hosting companies l have a particularly high profile and make an attractive target for attackers, offering an  aggregation effect as they host a lot of web infrastructure, consequently, hacking one target offers the potential to extort many customers.

GoDaddy:      SEC:     TEISS:     Oodaloop:    Infosecurty Magazine:    HackRead:    Bleeping Computer: 

You Might Also Read: 

Cyber Criminals' Earnings Fall As More Ransom Victims Refuse Payment:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Artificial Intelligence Today - How AI Works
Calculating The Ransom Demand On The Victim’s Insurance »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

4Secure

4Secure

For over two decades, 4Secure has specialised in cyber security consultancy, safeguarding the worlds critical Infrastructure through securely bridging air gapped networks.

Detectify

Detectify

Detectify is a web security service that simulates automated hacker attacks on your website, detecting critical security issues before real hackers do.

Happiest Minds Technologies

Happiest Minds Technologies

Happiest Minds offers domain centric solutions in IT Services, Product Engineering, Infrastructure Management and Security.

Bittium

Bittium

Bittium provides proven information security solutions for mobile devices and portable computers.

CyberDef

CyberDef

CyberDef is a consulting company specialising in cyber defence services for small and medium enterprises.

Oxford BioChronometrics

Oxford BioChronometrics

By building profiles based on electronically Defined Natural Attributes, or e-DNA, Oxford BioChronometrics protects digital networks, communities, individuals and other online assets from fraud.

Ataya & Partners

Ataya & Partners

Ataya & Partners is a consulting company that delivers data protection, cybersecurity and IT & Digital governance services.

DeviceAssure

DeviceAssure

DeviceAssure enables organizations to reliably identify counterfeit and non-standard devices with a real-time check on a device's authenticity.

Quantea

Quantea

Our multi-patented solutions - QP Series Network Analytics Accelerator appliance and PureInsight Analytics Software Suite allows you to capture, analyze, store, replay, network traffic data.

Arcanna.ai

Arcanna.ai

Using a wide range of out-of-the box integrations, Arcanna.ai continuously learns from existing enterprise cybersecurity experts and scales your team’s capacity to deal with threats.

Regtank Technology

Regtank Technology

Regtank is a one-stop compliance solution for fintechs, navigating compliance, security and risk management.

ShellBoxes

ShellBoxes

ShellBoxes are a leading Web3 company focused on providing top-notch blockchain security and development services.

Glasstrail

Glasstrail

Glasstrail are single-minded about helping organisations gather intelligence and manage vulnerabilities in their attack surface before adversaries exploit them.

Cyber Industrial Networks

Cyber Industrial Networks

Cyber Industrial Networks objective is to service the needs of industry in achieving reliable, robust and secure infrastructure that supports productivity.

Secure Enterprise Engineering (SEE)

Secure Enterprise Engineering (SEE)

SEE provides disruptive cybersecurity system engineering, architecture, and operational capabilities to make our customer’s missions execute faster, smarter, and more securely.

Scope AI

Scope AI

Scope AI is an innovative technology company specializing in quantum security and machine learning.