GoDaddy suffered multi-year hacking attempts, compromised client data

In a regulatory filing to U.S. Securities and Exchange Commission (SEC), popular web domain name service provider GoDaddy has confirmed that the company suffered multiple data breaches in the last three years.

It started first in March 2020, and hackers compromised data containing credentials of around 28,000 hosting accounts of clients as well as the login credentials of a small number of GoDaddy's personnel.

Again in the following year in November (2021), hackers got hold of the company's admin password, to get illegal access to Managed WordPress (MWP), which impacted up to 1.2 million active and inactive MWP customers across multiple GoDaddy brands.

Later in December 2022, hackers went a step ahead breaching GoDaddy's server and installing malware. This enabled bad actors to divert the company's clients to compromised websites and steal their credential data. The company is still investigating the case.

"Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy," the company stated in the SEC filing.

However, GoDaddy maintains that cyber attacks have not resulted in any material adverse impact on its business or operations. But, such evolving threats are increasingly getting difficult for the company to detect early and successfully defend them.

It is not just GoDaddy, this hacking attempts have become a serious threat to all technology companies offering similar website domains and hosting service providers. Law enforcement agencies around the world are aware of the malicious campaigns carried out by organized hacker groups and, the company noted this in a separate statement to the media.

As per the information available with GoDady, the primary goal of cyber criminals is to infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities.

The company has published its findings on the public forum 10-K and is cooperating with local law agencies to improve its knowledge base on the latest hacking techniques. This way, the company, and others will be able to detect future attacks early and ensure the protection of their client's data.

Must read | Online Fraud: Tips on how to safeguard yourself from identity thefts, cyber threats

Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.