23/68 Friday, January 17, 2025
The U.S. Federal Trade Commission (FTC), an independent agency dedicated to protecting consumers, has released a report stating that GoDaddy, a major hosting provider managing over 82 million domain names, has failed to implement basic security measures for its platform since 2018. This negligence has left customers and website visitors vulnerable to cybersecurity threats.
The report highlights that GoDaddy lacked proper asset management and software maintenance, failed to conduct risk assessments for its hosting services, did not enforce multi-factor authentication (MFA), and failed to maintain security logs. Additionally, the company neglected to segment its network and secure critical connections. These issues led to multiple breaches between 2019 and 2022, during which malicious actors gained continuous access to customer websites and data, resulting in significant damages to personal information and trust.
Although GoDaddy neither admitted nor denied the allegations, it reached an agreement with the FTC requiring the company to take the following corrective actions:
- Establish a comprehensive data security system within 90 days.
- Implement automated security analysis tools, such as SIEM, for real-time incident monitoring.
- Enforce MFA for all employees and stakeholders accessing the system.
- Utilize secure protocols like HTTPS for API operations.
- Refrain from misrepresenting security measures.
GoDaddy is also required to hire independent assessors to evaluate the effectiveness of its security program. Non-compliance with the agreement may result in fines of up to $51,744 per violation.
A GoDaddy spokesperson confirmed that the company has already begun improving its security systems and emphasized its commitment to protecting customer data while continuing to invest in measures to combat evolving threats.
Source https://www.theregister.com/2025/01/15/godaddy_ftc_order/
