Summary: The Federal Trade Commission (FTC) has mandated GoDaddy to enhance its security measures, including implementing multi-factor authentication and HTTPS APIs, due to significant security failures since 2018. The FTC’s complaint highlights GoDaddy’s misleading claims about its security practices, which left millions of customers vulnerable to breaches. As a result, GoDaddy will be required to establish a comprehensive information security program and undergo regular independent assessments.
Threat Actor: Unknown attackers | unknown attackers
Victim: GoDaddy customers | GoDaddy customers
Keypoints :
- FTC charges GoDaddy for failing to implement basic security protections, misleading customers about its security practices.
- Multiple breaches occurred between 2019 and 2022, including a significant breach in February 2023 that compromised customer data.
- The settlement requires GoDaddy to improve its security protocols and undergo independent assessments to ensure compliance.