Ethical Hacking News
The Federal Trade Commission (FTC) has announced its intention to take enforcement action against web hosting giant GoDaddy, citing multiple breaches of customer data. The proposed settlement order requires GoDaddy to overhaul its internal security practices and implement basic security protections for its hosting services.
FTC announces plan to take enforcement action against GoDaddy over security breaches. GoDaddy faces criticism for failing to implement standard security tools and practices, leading to multiple customer data breaches. Proposed settlement order requires GoDaddy to revamp its internal security practices and implement basic security protections. FTC claims GoDaddy's unreasonable security practices resulted in several major security breaches. Settlement order mandates that GoDaddy hire an independent third-party assessor to conduct biennial reviews of its information security program. FTC orders mandatory multi-factor authentication (MFA) for all customers, employees, and contractors' staff.
The Federal Trade Commission (FTC) has announced its intention to take enforcement action against web hosting giant GoDaddy, citing a series of security breaches that have left millions of customers vulnerable to cyber attacks. The proposed settlement order, which is set to be implemented by the FTC, will require GoDaddy to revamp its internal security practices and implement basic security protections for its hosting services.
According to the FTC's complaint, GoDaddy's failure to implement standard security tools and practices has led to multiple breaches of customer data. The company was accused of failing to use multi-factor authentication (MFA), manage software updates, log security-related events, segment its network, monitor for security threats, and use file integrity monitoring.
The FTC claims that GoDaddy's unreasonable security practices have resulted in several major security breaches, including a breach in February 2023 that saw unknown attackers steal source code and install malware on compromised servers. The company was also found to be behind the November 2021 breach, which affected 1.2 million Managed WordPress customers.
The proposed settlement order requires GoDaddy to establish a robust information security program and prohibits the company from misleading customers about its security protections. The order also mandates that GoDaddy hire an independent third-party assessor to conduct biennial reviews of its information security program.
Furthermore, the FTC has ordered GoDaddy to add mandatory MFA for all customers, employees, and contractors' staff "to any Hosting Service supporting tool or asset, including connecting to any database" and "at least one method that does not require the customer to provide a telephone number, such as by integrating authentication applications or allowing the use of security key."
The settlement order is seen as a significant development in the FTC's efforts to hold companies accountable for their cybersecurity practices. The commission has been critical of GoDaddy's claims of reasonable security practices, arguing that the company was instead "blind to vulnerabilities and threats in its hosting environment" due to its failings to implement standard security tools and practices.
The proposed settlement order is also notable for its implications on other companies in the web hosting industry. The FTC has been clear in its intention to go after companies that fail to prioritize cybersecurity, including T-Mobile, which has faced criticism for its own security failures.
In a statement responding to the news, GoDaddy acknowledged the need for improvement and expressed its commitment to enhancing its security practices. However, the company did not specifically address the FTC's allegations or the terms of the proposed settlement order.
As the web hosting industry continues to grapple with the challenges of cybersecurity, it remains to be seen how GoDaddy will respond to the FTC's demands. The proposed settlement order is likely to have significant implications for other companies in the sector, and may serve as a wake-up call for those that fail to prioritize cybersecurity.
Related Information:
https://www.bleepingcomputer.com/news/security/ftc-orders-godaddy-to-fix-poor-web-hosting-security-practices/
Published: Fri Jan 17 09:17:32 2025 by llama3.2 3B Q4_K_M
