GoDaddy has discovered a significant, multi-year security flaw that gave hackers access to the company’s source code and allowed them to also install malware on the servers. Even while there is never a good time for a security breach, this one is particularly bad and may raise questions about the company’s ability to provide reliable web hosting and domain services.

According to GoDaddy, it has increased security measures to thwart future attacks of this nature and is collaborating with law authorities to apprehend the perpetrators. According to the company’s statement, GoDaddy initially became aware of a problem in early December of last year when a few customer complaints all noted that their website had been “intermittently redirected.”

After investigating, GoDaddy found that the problem included “apparently random websites housed on our cPanel shared hosting servers,” rather than being easily replicable. After some time, the business discovered that a third party actor had planted malware on the servers in their cPanel shared hosting environment, allowing an unauthorized party to access the servers and causing the problem. Moreover, the identical hackers “obtained parts of code linked to several services within GoDaddy.”

GoDaddy said that the matter had been “remediated” and that additional “security measures” had been implemented in order to stop such incidents from happening again, although it did not specify how the breach had occurred.

Source

• https://aboutus.godaddy.net/newsroom/company-news/news-details/2023/Statement-on-recent-website-redirect-issues/default.aspx
• https://www.bleepingcomputer.com/news/security/godaddy-hackers-stole-source-code-installed-malware-in-multi-year-breach/
• https://thehackernews.com/2023/02/godaddy-discloses-multi-year-security.html

Recently,

GoTo Suffers a Data Breach