The FTC has slapped GoDaddy, one of the biggest web hosts, with penalties after it was found that the company was lackadaisical in its cybersecurity.
The issues date back to 2018, when they started having problems. They even submitted a statement to Bleeping Computer after the article was originally published. I’d love to call bullshit on it, but we’ll see.
They sent:
GoDaddy has a long history of offering innovative products to our web hosting customers. We are focused on protecting our customers’ data and websites, and we invest significant resources in technologies, tools and talent to help safeguard systems and information. We are constantly improving our security capabilities and have already implemented a number of the requirements in the settlement agreement with the FTC. Notably, the resolution of this matter includes no admission of fault and no monetary penalties. We expect minimal financial impact associated with complying with the terms of the agreement with the FTC. We plan to continue to invest in our defenses to address evolving threats and help keep our customers, their websites and their data safe.
If this is the case, then why did you get called out publicly for the shitty job your company did?
For instance, in February 2023, the hosting giant disclosed that unknown attackers stole source code and installed malware on compromised servers after breaching its cPanel shared hosting environment in a multi-year breach.
Right! And I understand from what I was told that it was a proprietary control panel, not cPanel.
The article continues:
The company said it only discovered the breach in early December 2022 after receiving customer complaints that their websites were being used to redirect to unknown domains.
The beginning says:
According to the FTC’s complaint, GoDaddy’s unreasonable security practices included failing to use multi-factor authentication (MFA), manage software updates, log security-related events, segment its network, monitor for security threats (including by failing to use software that could actively detect threats from its many logs), and use file integrity monitoring.
The company also failed to inventory and manage assets, assess risks to its website hosting services, and secure connections to services that provide access to consumer data.
Lax security practices led to multiple breaches
I know that my web hosting side of the control panel offers two-factor, and I saw how to enable it, but I don’t know if that enables things for all accounts. It’s something I can investigate if absolutely necessary.
While I’ve taken portions of this article as part of my discussion, there’s plenty more if you want to read the entire thing.
This is fucking stupid, GoDaddy. I’ll never use your services, and that includes your domain management system. We don’t even know how bad it is.
“FTC orders GoDaddy to fix poor web hosting security practices” is a Bleeping Computer article. Have fun!
Edited this on January 18th to correct the title from FCC to FTC, as this is what it’s talking about. Sorry about that! Also edited the first paragraph. Whoops!