The Federal Trade Commission just called out GoDaddy, one of the largest web hosting providers, claiming that its security protocols fall short of today’s standards. We’ll cover why GoDaddy is facing such criticism and the potential risks for customers as we sit down and sync up with Rocket IT’s weekly technology update.

In this episode, you’ll hear more about:

• FTC taking action against GoDaddy.
• Why GoDaddy’s security practices are under scrutiny.
• How multiple breaches involving GoDaddy were revealed.
• New mandatory protections being required by the FTC.
• GoDaddy’s response to the FTC’s allegations.
• How businesses can secure their web hosting.

Video transcript

GoDaddy hosts millions of websites worldwide, making it a key player for businesses looking to establish an online presence. With such a big role, you’d assume they’ve nailed security—but the FTC says otherwise.

In a recent report from the FTC, the commission found that GoDaddy wasn’t doing enough to protect its hosting services. For example, the company lacked mandatory multi-factor authentication for users and employees, leaving systems more vulnerable to unauthorized access. They also failed to adequately monitor for threats, neglecting to analyze security logs effectively. Critical software updates weren’t being consistently applied, leaving outdated systems exposed. Additionally, there was a lack of network segmentation, meaning secure and less-secure areas weren’t properly isolated.

The FTC’s job is to protect consumers and businesses from practices that can put their data—and trust—at risk. They’ve stepped in because GoDaddy’s shortcomings exposed millions to potential harm, including breaches and malware attacks.

Between 2019 and 2022, several breaches exploited GoDaddy’s weak points. Hackers were able to redirect customers’ websites to malicious sites, putting consumers at risk. In one instance, attackers stole sensitive data, including passwords, email addresses, and SSL keys. A multi-year attack even allowed malware to be installed on GoDaddy’s servers, further compromising its systems.

The FTC’s proposed settlement lays out new requirements for GoDaddy. The company must implement a robust information security program to better protect customer data. They are also required to add mandatory MFA for all customers, employees, and contractors, making it harder for unauthorized users to gain access. Additionally, GoDaddy will be subject to regular independent security audits to ensure compliance with the new standards.

GoDaddy has stated that they’ve already started meeting some of these requirements. They emphasize their ongoing commitment to security but have also made it clear that they admit no fault in this matter.

While your IT provider may not build websites, most knowledgeable partners, like Rocket IT, can ensure your hosting and security practices meet high standards. Our team works with organizations to help implement MFA, secure networks, and identify vulnerabilities before they become an issue. For those who need help securing their IT environment, simply contact Rocket IT using the link in this video’s description. And to stay up to date on trending technology news, hit that subscribe button and the bell to catch us on next week’s episode of Sync Up with Rocket IT.