Massive GoDaddy security breach and malware exploit

GoDaddy hack 2020

A massive security breach at GoDaddy has seen some customers complaining of websites redirecting to seemingly random domains in an attack that officials at the search giant say goes back as far as 2022.

What GoDaddy says about the security breach

In a filing with the SEC, GoDaddy admits, “based on our investigations, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy.” The company goes on to say that this breach is related to previous breaches in March of 2020 and November of 2021.

In the November 2021 breach alone, data affecting over 1 million Managed WordPress customers was harvested, giving the threat actors access to user cPanel accounts, WordPress admin info, passwords, sFTP, SSL keys, and even database credentials.

Who else was affected?

These attacks in 2020 and 2021 affected not just GoDaddy but several resellers of their Managed WordPress service, too. Some of those resellers include 123Reg, tsoHost, Media Temple, Domain Factory, and Heart Internet.

While GoDaddy says that they have evidence that these threat actors targeted other large hosting companies, that evidence remains to be seen.

The fact is that some of these attacks happened during the busy holiday shopping season. Threat actors having access to something as seemingly insignificant as a small mom-and-pop e-commerce website could prove costly to individual website owners, their site users, and ultimately the vendors who supply the product.

Online shopping is still a relatively new endeavor, and anything that chips away at the trust between an online retailer and their customer is a matter of concern.

What was the goal of the GoDaddy hack?

According to GoDaddy, the goal of this targeted campaign was to infect websites with malware that would support phishing attacks, further malware distribution, and other nefarious activities.

GoDaddy is one of the largest website hosting platforms in the world with over 20 million customers. GoDaddy maintains that while this breach was serious, it only affected a small number of users worldwide.

See a timeline of the attack and response as compiled by Michael Hill, the UK editor of CSO Online.

Author: Michael Winchester

Website developer, field recordist, instrument builder. My background is largely based in design for the music industry; websites, micro-sites, and apparel. With that experience, I bring a fresh approach to corporate and construction-related web projects looking to stand apart from the competition. My goal is to help clients better understand different aspects of SEO and website development; I write short, easy-to-digest articles on search engine optimization and website performance-related topics. In my free time, I enjoy field recording, sound design, and building unusual musical instruments. Michael Winchester is a website developer and search engine consultant in Southern California. Michael Winchester Design | (562)283-5688