1. Forum
  2. FidoNet
  3. POLITICS

  • FTC tells GoDaddy to shap

    From Mike Powell@1:2320/105 to All on Tue May 27 08:16:00 2025
    FTC tells GoDaddy to shape up and secure its hosting services following 2018 attacks

    Date:
    Tue, 27 May 2025 12:28:00 +0000

    Description:
    In the last seven years, GoDaddy has suffered multiple attacks, some of which were rather destructive.

    FULL STORY

    The US Federal and Trade Commission (FTC) has outlined almost a dozen requirements which hosting provider GoDaddy must fulfill in order to settle
    the charges of data security failings that resulted in multiple data breaches in recent years.

    In a 14-page document , the FTC first stated that GoDaddy must no longer misrepresent its security and data protection practices, use of security technologies, or its participation in security and privacy programs
    (suggesting that the company actually misled users about its security practices).

    GoDaddy then has 90 days to implement a comprehensive program that is documented and updated at least once a year (or after an incident), assigns a qualified person responsible, and assesses and manages internal and external security risks, among other things.

    Additional requirements

    The hosting giant also has 180 days to disconnect or secure unsupported software and hardware, monitor for unauthorized changes to the OS and app files, and to set up phishing-resistant multi-factor authentication (MFA) for employees, contractors, and customers. APIs need to be secured with HTTPS, authentication, rate-limiting, and monitoring.

    Other requirements include third-party security assessments, full cooperation with assessors, annual executive certification, incident reporting, and more.

    GoDaddy is one of the best website hosting companies around, serving more
    than five million customers across the world.

    Roughly two years ago, it was discovered that an unknown threat actor had
    been sitting in GoDaddys systems for several years, installing malware, stealing source code, and attacking the companys customers.

    The company's SEC filing at the time showed the attackers breached GoDaddys cPanel shared hosting environment and used that as a launch pad for further attacks. The company described the hackers as a sophisticated threat actor group.

    The group was eventually spotted in late 2022 when customers started
    reporting that traffic coming to their websites was being redirected
    elsewhere.

    Via BleepingComputer

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/ftc-tells-godaddy-to-shape-up-and-secur e-its-hosting-services-following-2018-attacks

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)