GoDaddy: Hackers stole source code, installed malware in multi-year breach


Web hosting giant GoDaddy says it suffered a breach where unknown attackers have stolen source code and installed malware on its servers after breaching its cPanel shared hosting environment in a multi-year attack.

While GoDaddy discovered the security breach in early December 2022 following customer reports that their sites were being used to redirect to random domains, the attackers had access to the company's network for multiple years.

"Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy," the hosting firm said in an SEC filing.

The company says that previous breaches disclosed in November 2021 and March 2020 are also linked to this multi-year campaign.

The November 2021 incident led to a data breach affecting 1.2 million Managed WordPress customers after attackers breached GoDaddy's WordPress hosting environment using a compromised password.

They gained access to the email addresses of all impacted customers, their WordPress Admin passwords, sFTP and database credentials, and SSL private keys of a subset of active clients.

After the March 2020 breach, GoDaddy alerted 28,000 customers that an attacker used their web hosting account credentials in October 2019 to connect to their hosting account via SSH.

GoDaddy is now working with external cybersecurity forensics experts and law enforcement agencies worldwide as part of an ongoing investigation into the root cause of the breach.

Links to attacks targeting other hosting companies

GoDaddy says it also found additional evidence linking the threat actors to a broader campaign targeting other hosting companies worldwide over the years.

"We have evidence, and law enforcement has confirmed, that this incident was carried out by a sophisticated and organized group targeting hosting services like GoDaddy," the hosting company said in a statement.

"According to information we have received, their apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution and other malicious activities."

GoDaddy is one of the largest domain registrars, and it also provides hosting services to over 20 million customers worldwide.



Source: Bleeping Computer

Thanks for reporting this on NamePros; I just saw it on Twitter. It is pretty important news for us domainers too.
Thanks for reporting.
Thankfully I use VPS (Vultr & Digital Ocean).

🍿
Have they notified all their customers about this? As a GoDaddy customer, I don't recall any emails relaying this information.

Did any of you who are GoDaddy customers receive any emails from them related to this?
I have had a 3-year-old maximum hosting plan at GoDaddy. They often disable the main PHP file for no reason. Useless hosting.
Thanks for sharing that insight. Hopefully, they will look into this and fix it.

Since you are a GoDaddy hosting customer, I'm curious if you ever received an email directly about their hack.

Was the hacking alert only provided to customers who were directly known to be affected, and not to others who were at risk but appeared not to be impacted?
Not a game you will win. Think about it. There is so much fraud out there, like never before, in the history of world cultures. Because every Tom and Joe has a computer in their hand, from Los Angeles to Lagos. Look after your own shit. I think someone said this before.
The point here is that being informed about vulnerabilities and known incidents helps one look after one's own stuff.
For example, if a company has even a possible hacking incident, alerting customers about it could prompt simple moves. Even without evidence of being hacked, one could change passwords and increase monitoring of the account. For example, rather than checking settings and logs once a week, perhaps increase that to several times a week or daily?

There's never really a "game" to win, since the process is always an ongoing challenge with hackers and other bad actors. So, wouldn't it be great to have companies that help fortify their customers? Putting out alerts sooner rather than later might help prevent further digital mayhem.