Hosting giant GoDaddy claims to have suffered a security breach in which Unknown attackers stole the source code and installed malware on their servers.
The attack came after a breach of their cPanel shared hosting environment in an attack that has been going on for several years.
GoDaddy discovered the security breach after customer reports in early December 2022 that their websites were being used to redirect traffic to random domains.
“Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated group of threat actors who, among other things, installed malware on our systems and obtained snippets of code relating to certain GoDaddy services.said the hosting company.
The company says that previous breaches revealed in November 2021 and March 2020 are also linked to this multi-year campaign.
The November 2021 incident led to a data breach affecting 1.2 million Managed WordPress service customers after attackers breached GoDaddy’s WordPress hosting environment using a compromised password.
They gained access to the email addresses of all affected customers, their WordPress admin passwords, sFTP and database credentials, and SSL private keys for a subset of active customers.
GoDaddy is now working with third-party cybersecurity forensics experts and law enforcement agencies as part of an ongoing investigation into the root cause of the breach.
GoDaddy says it also found additional evidence linking the threat actors to a broader campaign targeting other hosting companies around the world over the years.