Hackers stole source code, installed malware: GoDaddy

Web hosting platform GoDaddy has revealed that cyber-criminals gained access to its systems, installed malware on its network and stolen parts of its source code in a multi-year intrusion.

The company said it was working with multiple law enforcement agencies around the world, in addition to forensics experts, to further investigate the issue.

"We have evidence, and law enforcement has confirmed, that this incident was carried out by a sophisticated and organised group targeting hosting services like GoDaddy," the company said in a statement on Friday.

The hackers' goal was to infect websites and servers with malware for phishing campaigns, malware distribution and other malicious activities.

GoDaddy revealed in a US Securities and Exchange Commission (SEC) filing that it believes the hackers are the same group that it found inside the company's networks in March 2020.

It became aware of the intrusion in December 2022 when GoDaddy started receiving a small number of customer complaints about their websites being intermittently redirected.

Upon receiving these complaints, it investigated and found that the intermittent redirects were happening on seemingly random websites hosted on its "cPanel shared hosting servers and were not easily reproducible by GoDaddy, even on the same website".

Once the company confirmed the intrusion, it remediated the situation and implemented security measures in an effort to prevent future infections.

"We are using lessons from this incident to enhance the security of our systems and further protect our customers and their data,a it said.

In November 2021, the global web hosting platform GoDaddy had revealed that nearly 1.2 million of its WordPress customers' sensitive information were compromised.

GoDaddy had warned users that this exposure can put users at greater risk of phishing attacks.