
The FTC criticized GoDaddy for being lax about cybersecurity. The company should implement a comprehensive security program to prevent similar problems in the future.
Most units of GoDaddy, one of the largest web hosting providers, have come under fire from the US Federal Trade Commission (FTC) for failing to meet basic cybersecurity standards. The FTC criticized GoDaddy for failing to conduct an inventory of its assets between 2019 and 2022, managing software updates inconsistently, and not having multi-factor authentication (MFA). This allowed hackers to gain access to sensitive website and customer information, leading to numerous serious data breaches. The FTC ordered GoDaddy to implement a comprehensive cybersecurity program that includes:
– Responsible security personnel.
– Using a SIEM or similar monitoring tool.
– Audit log and data encryption.
– Provision of secure remote access.
– Mandatory multi-factor authentication.
The company must also hire an independent auditor to review the new program.
The FTC filing notes that of the 450,000 devices GoDaddy identified in September 2020, only 15,000 were accessible. The lack of a systematic approach to software updates and poor network segmentation left customer data vulnerable. Users are advised to check with their hosting providers about their cybersecurity measures to avoid such situations.
GoDaddy has promised to improve its security standards and avoid similar breaches in the future. The FTC will continue to monitor the implementation of the changes, and users are encouraged to choose their hosting provider carefully.