GoDaddy joins the dots and realizes it’s been under attack for three years

From theregister.com

IN BRIEF Web hosting and domain name concern GoDaddy has disclosed a fresh attack on its infrastructure, and concluded that it is one of a series of linked incidents dating back to 2020.

The business took the unusual step of detailing the attacks in its Form 10-K – the formal annual report listed entities are required to file in the US.

The filing details a March 2020 attack that “compromised the hosting login credentials of approximately 28,000 hosting customers to their hosting accounts as well as the login credentials of a small number of our personnel” and a November 2021 breach of its hosted WordPress service.

The latest attack came in December 2022, when boffins detected “an unauthorized third party gained access to and installed malware on our cPanel hosting servers,” the filing states. “The malware intermittently redirected random customer websites to malicious sites.”

Read more…