The discovery was first made on WordFence, a website security and monitoring system used by hosting providers. Recently, the team there discovered a backdoor, which allowed for the infection of 298 websites of which 281 were hosted on GoDaddy.
What we currently know about the backdoors (infections), is they are an old 2015 SEO-poisoning tool, designed to inject malicious pages directly into a websites search results. Customers are then redirected to pages designed to promote fake products and contact forms resulting in stolen information and funds.
Investigators are currently working to determine whether this a supply chain attack on the vendor. It was only recently GoDaddy disclosed a data breach from November 2021, which affected over 1.2 million customers. So far there’s no word from GoDaddy on why such a large percentage of their sites have been affected.
If you’re hosted on GoDaddy get in contact with our team about a secure hosting quote.