According to a statement by GoDaddy, a major web hosting company, it has experienced a breach in which unidentified attackers accessed its cPanel shared hosting environment, resulting in the theft of source code and the installation of malware on its servers. The attack spanned multiple years, but GoDaddy only became aware of the breach in early December 2022 after receiving reports from customers that their websites were being redirected to unfamiliar domains.
"Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy," the hosting firm said in an SEC filing.
According to the company, the recent multi-year campaign responsible for the latest breach is also connected to previous breaches that were disclosed in November 2021 and March 2020.
In November 2021, attackers breached GoDaddy's WordPress hosting environment by using a compromised password, leading to a data breach that affected 1.2 million Managed WordPress customers. As a result, the attackers were able to access the email addresses, WordPress Admin passwords, sFTP and database credentials, as well as the SSL private keys of a subset of active clients.
Following the March 2020 breach, GoDaddy notified 28,000 customers that their web hosting account credentials had been used by an attacker to gain access to their hosting account via SSH in October 2019.
GoDaddy is currently collaborating with external cybersecurity forensic experts and law enforcement agencies worldwide in an ongoing investigation aimed at identifying the root cause of the breach.
The breach is a stark reminder of the importance of strong cybersecurity measures, both for companies and individual users. If you are a GoDaddy customer, there are several steps you can take to protect your personal information and mitigate the risks of the breach.
- Change your password: If you haven't done so already, change your GoDaddy password immediately. Use a strong, unique password that you haven't used for any other accounts. Consider using a password manager to generate and store complex passwords securely.
- Enable two-factor authentication: Two-factor authentication (2FA) adds an extra layer of security to your GoDaddy account. It requires you to enter a code or use a biometric factor (such as a fingerprint) in addition to your password to access your account. This makes it much harder for an attacker to gain access to your account even if they have your password.
- Keep an eye on your accounts: Monitor your financial accounts and credit reports regularly for any signs of suspicious activity. Be on the lookout for unauthorized charges or transactions, and report any suspicious activity to your bank or credit card company immediately.
- Be cautious of phishing scams: Hackers may attempt to use the GoDaddy breach as a way to trick you into giving up your personal information or login credentials. Be wary of any unsolicited emails or phone calls claiming to be from GoDaddy or asking for your login information. Always verify the authenticity of any requests before providing any sensitive information.
The GoDaddy breach serves as a poignant reminder of the criticality of robust cybersecurity practices for both individuals and companies. Cybercriminals are constantly on the lookout for ways to exploit security vulnerabilities in information systems, and it is up to each of us to remain vigilant and take proactive steps to safeguard our data.
As a user of GoDaddy services, it is crucial to follow the suggestions provided in the earlier section to protect your personal information and mitigate the risks of the breach. Changing your password, enabling two-factor authentication, monitoring your accounts for any suspicious activity, being cautious of phishing scams, and using a VPN are all essential steps that can significantly enhance your cybersecurity posture.
However, it is equally important to remain aware of the latest threats and security best practices. Cyber threats are continuously evolving, and staying up-to-date with the latest security trends and techniques can help you stay ahead of the curve. You can stay informed by subscribing to security newsletters and attending security conferences and workshops.
In summary, the GoDaddy breach should be taken as a cautionary tale, reminding us of the need to stay vigilant and take proactive measures to protect ourselves from cyber threats. By following good cybersecurity practices, staying informed, and remaining vigilant, we can all contribute to a safer online environment.