720-891-1663

Alerts, Best Practices, Breach, Hacks, Security Practices

GoDaddy Admits Hackers Roamed Their Network for THREE YEARS!

Leave a comment

I’ve never been a fan of GoDaddy for a variety of reasons, but now I have a major reason not to like them.

In 2020 GoDaddy alerted 28,000 customers that an attacker used their credentials in 2019 to abuse their hosting accounts. That is over 3 years ago and that was the start of a long saga.

In 2021 GoDaddy admitted to a breach that affected 1.2 million WordPress sites that GoDaddy managed on behalf of their customers.

In December of last year GoDaddy was alerted by customers (no, they did not detect the breach at all) of another breach. This time the bad actors stole source code and redirected customers’ web sites to random domains by compromising their cPanel portal.

GoDaddy says these attacks are linked to each other.

And now, after 3 plus years, they are working with external forensics people and law enforcement. A bit late to the party, I think.

In an effort to redeem themselves (its not working), they said they found evidence that the hackers were targeting other hosting companies too.

Maybe if they had gotten serious about security in 2019, those hackers would be in jail or at least their methods would have been neutered.

GoDaddy says the attacks were carried out by “a serious and organized group targeting hosting services”. Well, that is pretty profound. Isn’t that kind of like a Willy Sutton statement? Hackers go after the place where the web sites are. DUH! I am glad the hack was not pulled off by a fifth grader, but rather by a serious and organized group.

I am sure that their PR folks and lawyers tried to sweep as much of this under the rug as they could for as long as they could.

Oh, yeah. The motive of the attackers was to load malware and your and my web sites so that when visitors went to them, they became infected.

Their annual disclosure statement says they do not know the status of a possible investigation into its data security and privacy practices by the Federal Trade Commission.

My recommendation: Don’t wait for the results – move.

If you need help or have questions, please contact us.

Credit: Bleeping Computer and Data Breach Today

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2024 CyberCecurity, All rights reserved. Privacy Policy