Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
GoDaddy data breach overview:
- Who: GoDaddy has revealed that it suffered a multiyear data breach that the hosting company is linking back to previous data breach disclosures in March 2020 and November 2021.
- Why: GoDaddy is attributing the data breach to a multiyear campaign conducted by bad actors they believe are intentionally targeting hosting services.
- Where: Consumers nationwide use GoDaddy.
GoDaddy has revealed it suffered a multiyear data breach in which unknown hackers stole source code and installed malware on the company’s servers.
The hosting company has attributed the security incident to a breach of its cPanel shared hosting environment by a “sophisticated and organized group targeting hosting services like GoDaddy.”
“According to information we have received, their apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution and other malicious activities,” GoDaddy said.
GoDaddy said it discovered the data breach in December after it received customer reports that their websites were being used to redirect web users to random domains.
In a filing with the U.S. Securities and Exchange Commission, GoDaddy said its investigation determined the data breach has been part of a “multi-year campaign by a sophisticated threat actor group.”
GoDaddy links current data breach disclosure to previous data breaches from 2020, 2021
GoDaddy has linked the “campaign” back to previous breach disclosures the company made in March 2020 and November 2021.
In the November 2021 data breach, hackers reportedly used a compromised password to breach GoDaddy’s WordPress hosting environment, affecting 1.2 million Managed WordPress customers.
GoDaddy customers affected by the November 2021 breach had their email addresses, database credentials, WordPress Admin passwords, and other information exposed during the attack.
The company had previously notified 28,000 of its customers in March 2020 that they had been affected by a data breach that was attributed to a hacker who made unauthorized use of web hosting account credentials in October 2019.
GoDaddy said it has begun working with external cybersecurity forensic experts and law enforcement agencies around the world to try and determine how the breach could have occurred.
In other recent data breach news, LendUS agreed to a settlement last month to resolve claims the company failed to protect consumers during a 2021 data breach that compromised information that included Social Security numbers.
Have you been impacted by a GoDaddy data breach? Let us know in the comments.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
25 thoughts onGoDaddy says it suffered multiyear data breach
Closed my account but still have hackers tracking my activities every day: changing settings, deleting emails & contacts, stealing documents, and calling impersonating my bank’s security department. Have had to beef up my security and keep my phone off to all because they will even use my contacts’ phone numbers! Please add me.
Add me please.
W/ thousands of names at GoDaddy, the diff between their security today, and 20+ yrs ago, is a bit distressing. Having been moving chunks of domains to other registrars. Question is, are any safe? Can’t think of anything more likely to be effective than dividing your domains amongst multiple registrars, ie: Porkbun,; NameCheap, or whichever you’re comfortable with. #GoDaddy #notrust #registrars #GoDaddySucks
How does this affect my certs with godaddy? I have both domains and certs with them.
I have been telling them about malicious redirects since 2020. Our site was hacked and redirected, then our domains were redirected. Printed copies of the chat support because I couldn’t believe how reckless they were. They simply didn’t care
The GoDaddy account resulted in multiple affected products and at the time, witnessing the events occur live, GoDaddy was not able to confirm or deny the situation. For multiple years, law firms including GoDaddy failed to provide a resolution of these terms which remain unresolved today. After attempting to regain access to these products through external terms from a data breach all attempts were exhausted.
If these individuals were able to manipulate products it would not surprise me what they are capable of doing with preliminary or financial information.
Yes please add me.
Me to add me to godaddy breach
I had several GoDaddy accounts. Please add me to the list.
Add me please I have go daddy account
Affected
ADD ME
Add me
Yes, I have an account with GoDaddy and they have all of my account information