-: FOLLOW US :- @theinsaneapp
GoDaddy has suffered a multi-year security compromise that allowed unknown attackers to steal company source code, customer and employee login credentials, and install malware that redirected customer websites to malicious sites.
-: FOLLOW US :- @theinsaneapp
Three serious security events starting in 2020 and lasting through 2022 were carried out by the same intruder.
-: FOLLOW US :- @theinsaneapp
In March 2020, a threat actor obtained login credentials that gave access to a "small number" of employee accounts and the hosting accounts of roughly 28,000 customers.
-: FOLLOW US :- @theinsaneapp
A separate incident in November 2021 occurred when the threat actor obtained a password that gave access to source code for GoDaddy's Managed WordPress service.
-: FOLLOW US :- @theinsaneapp
Unauthorized party used the access to obtain login credentials for WordPress admin accounts, FTP accounts, and email addresses for 1.2 million current and inactive Managed WordPress customers.
-: FOLLOW US :- @theinsaneapp
Security lapses and vulnerabilities have led to a series of suspicious events involving massive numbers of sites hosted by GoDaddy.
-: FOLLOW US :- @theinsaneapp
In 2019, a misconfigured domain name system service at GoDaddy allowed hackers to hijack dozens of websites owned by Expedia, Yelp, Mozilla, and others.
-: FOLLOW US :- @theinsaneapp
Also in 2019, a researcher uncovered a campaign that used hundreds of compromised GoDaddy customer accounts to create 15,000 websites that published spam.
-: FOLLOW US :- @theinsaneapp
GoDaddy is one of the world’s largest domain registrars, with nearly 21 million customers and revenue in 2022 of almost $4 billion.
-: FOLLOW US :- @theinsaneapp
The company is responding to subpoenas related to the incident that the Federal Trade Commission issued in July 2020 and October 2021.