We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

GoDaddy Breached 3 Times in Multi-Year Campaign

GoDaddy Breached 3 Times in Multi-Year Campaign
Author Image Keira Waddell
Keira Waddell Published on 21st February 2023 Senior Writer

GoDaddy, a domain registrar and web hosting service with over 20 million customers, disclosed last Friday that an unknown group of cybercriminals has gained access to customer accounts three times in the last three years.

In an SEC filing, GoDaddy said, "These incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy."

The most recent breach occurred in December 2022. GoDaddy received customer complaints that their sites were being hijacked to redirect users to unknown, malicious domains. After investigating the matter, it was found that this was the result of malware installed on GoDaddy’s hosting servers by hackers.

The company claims this most recent incident is just part of an ongoing campaign by a single threat actor group, who they assert were the culprits behind earlier breaches revealed in March 2020 and November 2021.

In March 2020, GoDaddy disclosed that threat actors got hold of login information that allowed them to access the hosting accounts of about 28,000 customers, as well as a small number of employee accounts. The attackers used the stolen account credentials to access hosting accounts over SSH in October 2019.

Then, in November 2021, the hackers used a stolen password to breach GoDaddy’s WordPress environment and access the data of 1.2 million Managed WordPress clients. The stolen data included email addresses, WordPress Admin passwords, sFTP and database login information, and SSL private keys.

The company has been investigating the ongoing issue with multiple law enforcement agencies throughout the world, along with forensic experts.

GoDaddy released the following statement on Thursday: "We have evidence, and law enforcement has confirmed that this incident was carried out by a sophisticated and organized group targeting hosting services like GoDaddy. According to information we have received, their apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution, and other malicious activities.”

About the Author

Keira is an experienced cybersecurity and tech writer dedicated to providing comprehensive insights on VPNs, online privacy, and internet censorship.