GoDaddy Reveals Data Breach Led to Malware on Customer Sites

Source code was also stolen in the large breach that left GoDaddy customers' websites vulnerable to malware.

GoDaddy found a multi-year security breach in December 2022, the web hosting company has just now revealed.

The breach allowed unknown third parties to gain access to GoDaddy source code, and they installed malware on the company’s servers as well.

No security breach is a good breach, but this particular one is worse than normal, and may cast doubt on the web hosting and domain services that the company offers. GoDaddy says it has added security measures to stop a similar attack in the future and is working with law enforcement to stop the bad actors.

How the GoDaddy Breach Happened

GoDaddy first noticed a problem in early December of last year, when a few customer complaints all mentioned that their website had been “intermittently redirected,” the company said in its statement.

After taking a look, GoDaddy realized that the issue wasn’t easily reproducible, but involved “seemingly random websites hosted on our cPanel shared hosting servers.” The company eventually realized that an unauthorized party had accessed the servers in their cPanel shared hosting environment, and the issue was caused by malware that had been installed by the third-party actor.

The same hackers also “obtained pieces of code related to some services within GoDaddy.”

GoDaddy didn’t explain how the breach had happened but did say that the situation had been “remediated,” with new “security measures” rolled out to prevent future breaches.

How Bad Is This Breach?

Security breaches themselves aren’t a sign that a tech company has failed, since mitigation measures can help to reduce the severity of a breach’s impact. But just going off of what we know, this seems likely to be a rough PR hit for GoDaddy to recover from.

Not only does the breach encompass multiple years, but GoDaddy customers’ websites were vulnerable to malware as a result of the breach.

It appears to be bad news for every other major hosting platform, as well. According to the GoDaddy announcement, the breach is just one incident from a group dedicated to targeting hosting services specifically:

“We have evidence, and law enforcement has confirmed, that this incident was carried out by a sophisticated and organized group targeting hosting services like GoDaddy. According to information we have received, their apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution and other malicious activities.”

It does make sense to hack a hosting service, since it’s a one-stop shop for a huge range of other websites. And that means the customers are the true target, which is bad news for anyone currently hosting their own website.

Staying Secure While Hosting a Website

We’ve rated and reviewed all the top web hosting platforms. While GoDaddy does make our list, it’s towards the end, trailing InMotion (the best all-around web hosting provider), Bluehost (a still-great but cheaper InMotion alternative), HostGator (the best for reliable uptime), and a few others.

Check out our full guide over here — and let’s hope they remain secure against any data breaches in the near future.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He was a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and his art history book on 1970s sci-fi, 'Worlds Beyond Time,' was a 2024 Locus Awards finalist. When not working on his next art collection, he's tracking the latest news on VPNs, POS systems, and the future of tech.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals