- FTC Formally Complains About GoDaddy’s Security Claims
- “Major compromises” between 2019 and 2022 are cause for concern
- GoDaddy has reached an agreement with the FTC to improve security
A new Federal Trade Commission complaint accused GoDaddy of misleading customers and failing to sufficiently protect its web hosting services.
The notice serves as a final warning to the company, which has been asked to address security issues dating back to 2018; however, GoDaddy will not face any immediate consequences.
The FTC has now highlighted the list of errors allegedly committed by the company in an official complaint, including violations of the FTC Act.
GoDaddy receives a reprimand from the FTC
The long list accuses GoDaddy of failing to: “(a) inventory and manage assets; (b) manage software updates; (c) assess the risks to its website hosting services; (d) use multi-factor authentication; (e) record security-related events; (f) monitor security threats, including by not using software that can actively detect threats from its numerous logs and not using file integrity monitoring; (g) segment its network; and (h) secure connections to services that provide access to consumer data.”
In the complaint, the FTC highlights some “significant compromises” between 2019 and December 2022 that involved threat actors obtaining sensitive customer information. They include attacks in October 2019, March 2020, April 2020 and November 2021.
Redirects to malicious sites, data harvesting, mail script infections, database attacks, user authentication vulnerabilities, outdated plugins and code, and DDoS attacks were highlighted as possible implications of poor security in the FTC complaint.
As a result, GoDaddy agreed to a settlement prohibiting it from making false or misleading security claims. It must also implement an information security program, conduct periodic third-party compliance assessments, and report security incidents to the FTC promptly.
GoDaddy sent us the following statement:
“GoDaddy has a long history of providing innovative products to our web hosting customers. We are focused on protecting our customers’ data and websites, and we invest significant resources in technologies, tools and talent to help safeguard systems and information. We are constantly improving our security capabilities and have already implemented a number of requirements in the settlement agreement with the FTC.
“Notably, the resolution of this matter does not include an admission of guilt or monetary penalties. We expect minimal financial impact associated with meeting the terms of the settlement with the FTC. We plan to continue investing in our defenses to address evolving threats and help to keep our customers, their websites and their data safe.”