GoDaddy has been directed by the Federal Trade Commission (FTC) to implement stronger security measures and halt misleading claims about the security of its hosting services. The settlement follows revelations of inadequate cybersecurity practices and deceptive advertising regarding its security posture.
The FTC investigation revealed that despite GoDaddy’s claims of security being “at the core of everything we do,” the company neglected basic measures such as timely software patching, retiring outdated servers, and securing critical APIs. These failures exposed customers to significant risks, including the theft of sensitive data like login credentials and payment information.
Key Findings from the FTC Complaint
• Ineffective Patching System: GoDaddy relied on individual product teams for patch management without centralized oversight, leaving thousands of shared hosting servers vulnerable to critical exploits.
• Unsecured APIs: A customer support API for managed WordPress services lacked firewalls, multi-factor authentication, and used plaintext credentials, making it an easy target for hackers.
• Prolonged Vulnerabilities: Between October 2019 and December 2022, multiple “threat actors” exploited these vulnerabilities, compromising tens of thousands of servers.
Settlement Terms
While GoDaddy did not admit or deny the allegations, it agreed to a series of measures aimed at bolstering its security. The settlement, notably, does not impose financial penalties but includes requirements to improve infrastructure and prevent further incidents.
This development serves as a stark reminder of the importance of robust cybersecurity practices, particularly for companies entrusted with sensitive customer data. Businesses and consumers alike will be watching closely to see how GoDaddy addresses these shortcomings.
More from: https://domainincite.com/30674-godaddy-ordered-to-stop-lying-about-crappy-security
News Source:domainincite,This article does not represent our position.
