GoDaddy, a web hosting company, has disclosed that during a multi-year period, hackers broke into its systems, planted malware on its network, and stole some of its source code.
The company discovered the breach following customer reports (December 2022) that their websites were being redirected to random domains.
GoDaddy stated that it thinks the hackers are the same gang that it discovered within the business’s networks in March 2020 in a file with the US Securities and Exchange Commission (SEC). When GoDaddy began getting a few customer complaints about their websites being intermittently rerouted in December 2022, it first became aware of the incursion.
GoDaddy is currently working with cybersecurity forensics experts and law enforcement agencies around the world to investigate the root cause of the breach
Last April, the Cybernews research team discovered hundreds of compromised WordPress sites had been running malicious phishing adverts. GoDaddy was hit the worst, with 42 infected websites.
The most badly affected country was the US, which had 201 websites compromised, followed by France (62 websites), Germany (51), and the UK (34).
The company has not released further details about the attack or how the attackers were able to infiltrate their systems. GoDaddy has since reset all compromised passwords, and advised their customers to do the same, along with taking additional security measures.