Cyber Security News

GoDaddy Hacked – Attackers Breached cPanel and Stole Source Code

GoDaddy, a leading web hosting company, has reported that its cPanel shared hosting environment was breached by unknown attackers.

The perpetrators were able to steal source code and install malware on GoDaddy’s servers in a prolonged attack that spanned multiple years.

Although customer reports alerted GoDaddy to this security breach in early December 2022, the attackers had actually gained access to the company’s network several years prior. 

During this time, the perpetrators were able to use compromised sites to redirect traffic to various unknown domains. As one of the world’s largest domain registrars, GoDaddy serves more than 20 million customers globally with its hosting services.

Breach Analysis

According to the company, the recent security breach that occurred over a span of several years is connected to previous breaches that were disclosed in November 2021 and March 2020.

In November 2021, GoDaddy’s WordPress hosting environment was compromised by attackers who used a compromised password. Approximately 1.2 million Managed WordPress users were affected by this data breach.

As a result, the attackers gained access to the following information:

  • Email addresses
  • WordPress Admin passwords
  • sFTP
  • Database credentials
  • SSL private keys of a subset of active clients

In October 2019, an attacker gained access to the web hosting accounts of 28,000 GoDaddy customers by using their SSH credentials. GoDaddy discovered this breach in March 2020 and promptly notified the affected customers.

GoDaddy’s Response

As part of an ongoing investigation into the cause of the breach, GoDaddy has enlisted the help of external cybersecurity forensics experts and law enforcement agencies around the globe.

A sophisticated and organized group, whose focus is on hosting services, including GoDaddy, was responsible for the incident, as confirmed by both GoDaddy and law enforcement.

The threat actors’ objective is to corrupt websites and servers with malware to execute various malicious activities, such as malware distribution and phishing campaigns.

Here’s what GoDaddy stated:

“As we continue to monitor their behavior and block attempts from this criminal organization, we are actively collecting evidence and information regarding their tactics and techniques to help law enforcement.”

Moreover, an apology was issued to customers and website visitors for any inconvenience experienced. Improvements to the security of the company’s systems are underway, using insights gained from the incident to better safeguard customer data.

Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.
