GoDaddy discovered a security breach in early December 2022 following customer reports of their sites being redirected to random domains. Investigation revealed that attackers had access to the company’s network for multiple years, during which they installed malware and obtained source code.

Previously disclosed breaches in November 2021 and March 2020 are also linked to this multi-year campaign. The November 2021 incident led to a data breach affecting 1.2 million Managed WordPress customers who had their email addresses, WordPress Admin passwords, sFTP and database credentials, and SSL private keys exposed.

The March 2020 breach saw 28,000 customers affected after attackers used their web hosting account credentials to connect to their hosting account via SSH.

GoDaddy is now working with external cybersecurity forensics experts and law enforcement agencies worldwide as part of an ongoing investigation into the root cause of the breach. Evidence has been found linking attackers to a broader campaign targeting other hosting companies internationally over the years, whose goal is to infect websites and servers with malware for phishing campaigns and other malicious activities. 

Read→ https://www.bleepingcomputer.com/news/security/godaddy-hackers-stole-source-code-installed-malware-in-multi-year-breach/