Hackers have been breaking into the biggest web hosting companies and stealing their source code for years
GoDaddy said unidentified hackers stole its website's source code and installed malware on its servers after hacking its shared hosting environment cPanel in an attack that lasted several years.
Years ago, when the web hosting giant discovered the vulnerability after receiving reports from customers in early December 2022 that their websites were being used to redirect to random domains, hackers there gained access to the company's network.
GoDaddy said in the SEC filing, "Based on our investigation, we believe these incidents were part of a multi-year campaign by a complex group of malicious actors that installed malware and obtained snippets of code related to certain services." on my dad
The company said two previously disclosed hacks in November 2021 and March 2020 are also linked to the multiyear campaign.
The November 2021 incident resulted in a data breach affecting 1.2 million managed WordPress customers after hackers used leaked passwords to break into GoDaddy's WordPress hosting environment.
The company said at the time that the attackers stole the email addresses of all affected customers, the WordPress admin passwords, and the sFTP and database credentials and SSL keys of some active customers.
After the security breach in March 2020, GoDaddy informed about 28,000 customers that attackers used their web hosting account credentials to SSH into their hosting accounts in October 2019.
Godaddy is now working with outside cybersecurity experts and law enforcement agencies around the world on an ongoing investigation into the root cause of the hack.
GoDaddy said it also found additional evidence linking the threat factor to a broader campaign targeting other hosting companies around the world over the years.
"We have evidence and law enforcement have confirmed that this incident was committed by a sophisticated and organized group targeting hosting services such as (GoDaddy)," the host said in a statement. "By their own admission, with the express intent of infecting websites and servers with malware for phishing campaigns, malware distribution, and other malicious activity," it added.
It should be noted that (GoDaddy) is one of the largest domain name registrars providing hosting services to more than 20 million customers around the world.