cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Domain registrar GoDaddy reveals it has been the victim of a multi-year hack

There are many ways to reveal that you’ve been the victim of a massive hacking campaign, but casually doing so on page 30 of your annual report is a new one to us — and that’s exactly how US web hosting and domain company GoDaddy went about it.

user icon David Hollingworth
Mon, 20 Feb 2023
Domain registrar GoDaddy reveals it has been the victim of a multi-year hack
expand image

The revelation comes under the company’s listing of its risk factors, under the heading “A network attack, a security breach or other data security incident could delay or interrupt service to our customers, harm our reputation or subject us to significant liability”.

The company then went on to explain that particular risk in some detail, before presenting — by way of example — the details of a multi-year campaign against the company.

It turns out that back in March 2020, GoDaddy discovered that a hacker had managed to access the login details of about 28,000 customers and some of its own employees. At the time, though, the credentials were not capable of logging into the main accounts of customers.


At the time, GoDaddy followed regulations and reported the breach, though some matters, according to the company, are still ongoing and unresolved, which is a bit of an understatement.

In November 2021, GoDaddy then discovered that a “compromised password” had allowed an unauthorised person to access the company’s legacy Managed WordPress code base, which “impacted up to 1.2 million active and inactive MWP customers”, according to the annual report. This event was also reported and, again, remains largely unresolved.

Finally, we come to December 2022, when the report said that an “unauthorised third party” was able to install malware on GoDaddy’s cPanel hosting servers.

“The malware intermittently redirected random customer websites to malicious sites,” the report noted before going on to admit that it was just one hack all along.

“Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy.”

The paragraph concluded that so far, the ongoing event has had no “material adverse impact to [its] business or operations” — which must make GoDaddy’s affected customers feel just great.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.