Popular web domain name service provider GoDaddy has confirmed that intermittent redirects were happening on seemingly random websites hosted on its cPanel shared hosting servers.
After receiving customer complaints in December 2022 about their websites being intermittently redirected, GoDaddy investigated and found that an unauthorized third party had gained access to servers in its cPanel shared hosting environment and installed malware that caused the intermittent redirection of customer websites. The situation has been remediated and security measures have been implemented to prevent future infections.
In a regulatory filing to the U.S. Securities and Exchange Commission (SEC), GoDaddy has confirmed that the company suffered a multi-year security compromise in which criminals stole company source code and customer and employee login credentials, and installed malware that caused customer websites to redirect to malicious sites.
“We are working with multiple law enforcement agencies around the world, in addition to forensics experts, to further investigate the issue. We have evidence, and law enforcement has confirmed, that this incident was carried out by a sophisticated and organized group targeting hosting services like GoDaddy. According to information we have received, their apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities,” said GoDaddy in its statement.
Suspicious activity in Managed WordPress hosting environment
GoDaddy reported in November 2021 that a third party had gained access to its Managed WordPress hosting environment. An unauthorized third party used a compromised password to access the provisioning system in its legacy code base for Managed WordPress.
The breach gave the third party access to customer information such as WordPress Admin passwords, SFTP and database usernames and passwords, email addresses, and contact numbers.
In another security breach in May 2020, GoDaddy informed its customers that the hosting login credentials of 28,000 customers and the credentials of some of its employees were compromised.