GoDaddy has informed customers it suffered a multi-year breach, one that involved hackers installing malware on its servers.
GoDaddy said it started receiving complaints from customers in December 2022. Some customers reported their websites intermittently redirecting to other domains. The company investigated, but the issue was difficult to prove since it appeared to be happening randomly across its customer base.
Ultimately, the company realized it had been hacked and malware was responsible for the unusual behavior:
As our investigation continued, we discovered that an unauthorized third party had gained access to servers in our cPanel shared hosting environment and installed malware causing the intermittent redirection of customer websites. Once we confirmed the intrusion, we remediated the situation and implemented security measures in an effort to prevent future infections.
In the company’s 10-K filing, it acknowledged the breach was the result of a multi-year campaign against the it:
Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy.
GoDaddy says it is applying the lessons it has learned from this breach in an effort to improve security. The company also says “these incidents as well as other cyber threats and attacks have not resulted in any material adverse impact to our business.”
Despite its assurances, it’s a safe bet many customers will likely start migrating away from GoDaddy to more secure hosting services, something that will likely have a major impact on its business.