GoDaddy Acknowledges Data Breach

The largest web hosting company in the world, GoDaddy suffered huge data breach over the last couple of years in a row. This security compromise includes customer and employee's login credentials and important company source code. Unknown hackers were able not only to steal the information but also install malware on customer's websites which re-directed visitors to suspicious and malicious websites.

Although the company did not directly mention about these incidents neither on their official blog nor on their press releases. However, these information were obtained from GoDaddy's recent SEC filing which can be accessed by anyone.

GoDaddy Official Logo. © GoDaddy.

The filing shows that since 2020 to up until December 2022, the hosting provider suffered multiple security breach resulting huge data being stolen by the attackers.

March 2020: The actor was able to steal approximately 28,000 hosting customer's account login credentials along with small number of GoDaddy personnel's login credentials.

November 2021: An unauthorized third party was able to access the company's provisioning system in their legacy code base for Managed WordPress services which affected around 1.2 million active and inactive MWP customer across their multiple brands.

December 2022: Once again an unauthorized third party gained access and installed malware on GoDaddy's cPanel hosting servers. This malware randomly re-directed customers to various malicious websites.

Various popular websites like TechCrunch, Forbes and others reported on this issues in the past and despite all the negativity around the company, GoDaddy reported $243 million in 2021 and $353 million net income in 2022. Even though like many other companies in 2020 it reported net loss of $494 million during early stage of COVID-19.

On the filing, the company stated that, "Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy".

While we all understand that GoDaddy most probably will do everything within it's power to protect it's business and their efforts reflects on their SEC filing, it will not be easy to pursue and retain all of it's customers. It is clear as broad day-light the company has become a fine target for many bad actors who may or may not be brought to justice, ever.


Commenting is disabled.