One-sentence summary:
GoDaddy was allegedly attacked by an APT in a breach campaign between 2020 and 2022, affecting over a million GoDaddy customers.
Who was involved?
GoDaddy, a threat actor, and over a million website owners.
What was the timeline?
Breaches active: March 2020-December 2022.
Form 10-K report: December 31, 2022.
Last report: February 16, 2023 (GoDaddy, 2023).
What occurred?
GoDaddy suffered multiple breaches and cyber incidents between March 2020 and December 2022, and all appear to be linked to an APT (GoDaddy Inc., 2022, p. 30).
March 2020: 28,000 customer credentials plus several employees were breached.
November 2021: an internal account was compromised, leading to a breach of 1.2 million Managed WordPress (MWP) users and source code.
December 2022: the threat actor “installed malware on our cPanel hosting servers,” causing malicious redirects (GoDaddy Inc., 2022, p. 30).
Estimated costs:
Outside incident response costs and “spent resources investigating and responding to this activity” (GoDaddy Inc., 2022, p. 30).
Involved laws:
Securities Exchange Act of 1934.
Root cause:
TBA or N/A (see disclaimer)
Lessons learned:
TBA or N/A (see disclaimer)
Sources:
GoDaddy. (2023, February 16). Statement on recent website redirect issues. godaddy.net. Retrieved February 18, 2023, from https://aboutus.godaddy.net/newsroom/company-news/news-details/2023/Statement-on-recent-website-redirect-issues/default.aspx
GoDaddy Inc. (2022). FORM 10-K. In cloudfront.net (No. 001–36904). UNITED STATES SECURITIES AND EXCHANGE COMMISSION. Retrieved February 18, 2023, from https://d18rn0p25nwr6d.cloudfront.net/CIK-0001609711/e4736ddb-b4c7-485b-a8fc-1827691692c9.pdf