The FTC urges GoDaddy to improve its security practices.

The Federal Trade Commission (FTC) has filed a formal complaint against GoDaddy, stating that the company has misled its customers regarding the security of its web hosting services. This notice acts as a final warning for GoDaddy, which must address security concerns dating back to 2018. However, no immediate consequences for the company are anticipated.

Among the allegations outlined in the FTC's complaint are several violations of the FTC Act, highlighting a series of serious mistakes by GoDaddy. It is accused of failing to maintain proper inventory and manage assets appropriately; not performing necessary software updates; not assessing the risks associated with its hosting services; and failing to implement multi-factor authentication, among other issues.

The complaint also underscores significant breaches that occurred between 2019 and December 2022, during which malicious actors were able to access sensitive customer information. The attacks were documented over several months, including October 2019 and April 2020, and involved incidents such as redirects to malicious sites, email script infections, database attacks, vulnerabilities in user authentication, as well as the use of outdated plugins and codes.

As a result of this situation, GoDaddy has agreed to a settlement that prohibits making false or misleading security claims. Furthermore, it is required to implement an information security program, conduct regular third-party compliance assessments, and report any security incidents to the FTC promptly.

GoDaddy has issued a statement reaffirming its commitment to protecting its customers' data and websites, assuring that it invests significantly in technologies and resources to safeguard its systems. They have also indicated that they have not admitted guilt in the resolution of this matter and that no monetary penalties have been imposed, anticipating minimal financial impact from complying with the terms of the settlement.