GoDaddy Discloses a Multi-Year Security Compromise That Led to Malware Installations and Source Code Theft
Updated Tue, February 28, 2023 2:26 EST
On Friday, GoDaddy revealed a long-term security breach that allowed unknown hackers to install malware and access source code for some of its services. This malicious intrusion has the potential to cause serious harm, so it is imperative that swift action is taken to protect customers from any further damage. The company attributed the campaign to a "sophisticated and organized group targeting hosting services."
In December 2022, GoDaddy received an unspecified number of customer complaints about their websites being intermittently redirected to malicious sites. An investigation by its team found that this occurred because an unauthorized third party had gained access to servers hosted in its cPanel environment. The threat actor "installed malware causing the intermittent redirection of customer websites," the company said.
The ultimate objective of the intrusions, GoDaddy said, is to "infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities."
In a related 10-K filing with the U.S. Securities and Exchange Commission (SEC), the company said the December 2022 incident is connected to two other security events it encountered in March 2020 and November 2021. In 2020, the login credentials of approximately 28,000 hosting customers and a small number of GoDaddy personnel were compromised. One year later, in 2021, a malicious individual used an unauthorized password to access the legacy code base for Managed WordPress (MWP), impacting almost 1.2 million active and inactive MWP users across multiple GoDaddy brands.