GoDaddy: Hackers stole source code, installed malware in multi-year breach

[MrD]

GoDaddy discovered a security breach in early December 2022 following customer reports of their sites being redirected to random domains. Investigation revealed that attackers had access to the company’s network for multiple years, during which they installed malware and obtained source code.

Previously disclosed breaches in November 2021 and March 2020 are also linked to this multi-year campaign. The November 2021 incident led to a data breach affecting 1.2 million Managed WordPress customers who had their email addresses, WordPress Admin passwords, sFTP and database credentials, and SSL private keys exposed.

The March 2020 breach saw 28,000 customers affected after attackers used their web hosting account credentials to connect to their hosting account via SSH.

GoDaddy is now working with external cybersecurity forensics experts and law enforcement agencies worldwide as part of an ongoing investigation into the root cause of the breach. Evidence has been found linking attackers to a broader campaign targeting other hosting companies internationally over the years, whose goal is to infect websites and servers with malware for phishing campaigns and other malicious activities. 

Read→ https://www.bleepingcomputer.com/news/security/godaddy-hackers-stole-source-code-installed-malware-in-multi-year-breach/

[jacobdhempsy]

If hackers managed to steal source code and install malware over several years, that’s absolutely terrible—it makes you worry about the security of your own accounts. I am also looking for tips how to secure my information
 

[raymond34]

When hackers compromise source code and install malware over time, it raises significant concerns about the security of personal and organizational accounts. To protect your data, proactive measures are critical. A great way to ensure web application security is by conducting regular penetration tests. Services like ImmuniWeb's web application penetration test https://www.immuniweb.com/resources/application-penetration-testing/ offer a comprehensive approach by combining automated and manual testing to uncover vulnerabilities such as SQL injection or authentication bypass, while also prioritizing fixes based on criticality.

Edited December 10 by raymond34