Hackers Stole GoDaddy Source Code in a Multi-Year Data Breach

The web hosting giant GoDaddy has been rattled by an almost two-year-long data breach that went undetected from 2020 to 2022.

In a filing with the Securities and Exchange Commission (SEC), GoDaddy revealed that three serious security breaches had impacted the company, boasting 21 million customers and almost $4 billion in revenue.

On Friday, GoDaddy, the world’s leading web hosting firm, confirmed that its network had been impacted by a data breach that started in 2020 and continued until 2022. As a result of this compromise, unidentified hackers stole the company’s source code.

Additionally, part of the stolen data included employees’ and customers’ login credentials. Moreover, the flaw allowed attackers to install malware, which would redirect customers’ websites to malicious domains.

This should not come as a surprise, since GoDaddy has a history of security-related incidents. For instance, in November 2021, hackers accessed 1.2 million GoDaddy customers’ accounts.

In November 2020, GoDaddy revealed that its employees had been tricked by hackers into modifying the DNS settings of at least two cryptocurrency websites. In April 2020, Escrow.com was defaced by hackers after they managed to hack one of GoDaddy’s employees.

As for the recent incident, in a filing with the Securities and Exchange Commission, GoDaddy revealed that three serious security breaches had impacted the company, boasting 21 million customers and almost $4 billion in revenue.

The incident started in 2020, and the latest was recorded in 2022. The company noted that a sophisticated hacker group was responsible for all the incidents. This means the same group has repeatedly invaded its networks and may or may not have left, despite the company’s extensive security measures.

The first incident occurred in March 2020, when the attackers obtained login credentials and accessed a limited number of employee accounts and hosting accounts belonging to approximately 28,000 customers. But they couldn’t access the main accounts of GoDaddy customers.

The most recent invasion was noticed in December of 2022. At that time, the attacker accessed the cPanel hosting servers. The company explained that it has responded to subpoenas about the incident that the Federal Trade Commission (FTC) issued in July 2020 and October 2021.

In November 2021, GoDaddy discovered another security breach in which the attacker obtained a password that provided access to GoDaddy’s Managed WordPress service source code.

The attackers gained access in September 2021 and obtained login credentials of WordPress admin accounts, email addresses, and FTP accounts of 1.2 million inactive currently Managed WordPress users. GoDaddy formally disclosed the breach in November 2021.

“We believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy.”


GoDaddy has claimed that it has evidence, and law enforcement authorities have also confirmed that a security breach occurred, performed by an organized and sophisticated group.

Furthermore, the company added that the hackers’ primary targets are hosting services such as GoDaddy, infecting websites with malware, and launching phishing campaigns.

  1. GoDaddy customers targeted by clever phishing scam
  2. Sensitive data on 31,000 GoDaddy servers exposed online
  3. Ransomware attack hits SmarterASP.NET hosting’s network
  4. Dark web hosting firm quits after hackers delete its database
Related Posts