FTC takes action against GoDaddy for alleged lax data security

It&#x27;s amazing that (approximately) no one cares about stuff like this.<p>GoDaddy was severely breached several times over several years, yet they still rake in billions of revenue from their millions of customers. Now they have to pay someone to fill out a biennial checklist and... promise to not lie. Awesome.<p>If you own a company, why even bother with security? Security is expensive. Wait until a breach is exposed, offer $10 credit monitoring (at best), accept the free press coverage, <i>maybe</i> pinky promise to not lie if you&#x27;ve been particularly egregious in your handling of multiple incidents, and then carry on like normal. (This is tongue-in-cheek, I work in security, but I am frustrated with how often stories like this one occur)

GoDaddy is one of the sleaziest companies I know of.<p>I ran a website hosted on GoDaddy for a local business when the server cluster was hacked. GoDaddy admitted it was their fault, but the business ended up having to pay me to fix the site. GoDaddy also managed to convince the business to pay for an additional monthly &quot;security&quot; plan, which included page caching. They set everything up over the phone without talking to me at all.<p>The next day I notice some odd behavior with the admin pages, then realize they&#x27;re being cached, not only that but they&#x27;re now <i>publicly accessible</i>. GoDaddy&#x27;s improved security plan ended up being responsible for a data leak. They really screwed up twice but there was zero penalty, the only consequence was they made more money. The business chose to stay with GoDaddy, despite my recommendations. They saw the ads on TV and were convinced GoDaddy is the pinnacle of web hosting.<p>Also, check this out: <a href="https:&#x2F;&#x2F;www.butterflyave.com&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.butterflyave.com&#x2F;</a><p>Those assholes have parked my old business name, and want to sell it back to me for $1,499.

I was shocked when I purchased a domain recently on GoDaddy (I normally use Cloudflare or AWS) and noticed that they have an &#x27;upsell&#x27; with more security options (MFA and some other features) for something like $10&#x2F;yr. Why wouldn&#x27;t they want their customers to be more secure by default? To me it just reeks of money-grabbing for people that are none the wiser.

SendGrid, pre IPO, had a GoDaddy security incident: someone social engineered one of the GoDaddy support reps into giving them control of our domain. We were able to re-secure the domain before the attacker fully locked us out. They could have powned all of our email links.

The FTC action is because GoDaddy claimed to have security when they didn’t - not because they didn’t have security in the first place.<p>Subtle but important difference.<p>Also the remedies include having a complete security program within 90 days IIRC, on what world would anyone think that’s remotely possible?<p>They wouldn’t even have an RFP drafted in 90 days.

If you think GoDaddy is <i>the most</i> terrible, you have never been exposed to the hell that is Network Solutions.<p>GoDaddy is big, safe and terrible. Network Solutions is big, safe and even worse.

I can&#x27;t believe GoDaddy is still in business. Shows you can be a horrible company -- borderline scammy back in the day -- and somehow survive.<p>FWIW we&#x27;ve used Gandi for years and very happy with it.

In related news, their ISO 27001 certificate just expired. Seems in line with their overall security posture then <a href="https:&#x2F;&#x2F;img1.wsimg.com&#x2F;&#x2F;Sitecore&#x2F;6&#x2F;1&#x2F;registrar-iso27001-certificate.pdf" rel="nofollow">https:&#x2F;&#x2F;img1.wsimg.com&#x2F;&#x2F;Sitecore&#x2F;6&#x2F;1&#x2F;registrar-iso27001-cert...</a>

They should be looking into them for buying up all the competitors in domain selling. The bought two of the biggest competitors Dan.com and unregistery. Dan.com charge 9% on a sale of a domain now godaddy is charging 30%. Completely different company since Bob Parsons sold to a couple private equity firms.

Firstly, I would say spyrecovery36 @ gm ail com is the only hacker you can go to for positive outcome here. Customer service is great. After reading great reviews about him on almost all the websites i researched on, I hired him to hack my cheating spouse&#x27;s iPhone 14 and trust me when i say he hacked the device and gave me full access to his phone. His services were cost effective, top notch and easy to use. I highly recommend this hacker for any hacking services. Pay for the use of his services and avoid scam stories. stay safe

I guess its just the power of advertising but its amazing to me that GoDaddy continues to be a popular solution for hosting, domain registration, etc given their absolute toilet of a reputation.

Are there any security related accreditations for a company that are worth more than the paper they are(n&#x27;t) printed on?

Moved all my domains to porkbun last year...could not be happier!

I never thought I&#x27;d be a fan of a government agency. But here we are.

Time for GoDaddy&#x27;s CEO to book a few rooms at Trump Hotel in DC.

A good law would be that if a customer&#x27;s data is leaked, any and all revenue that was made with&#x2F;through that customer must be returned to the customer. All of a sudden companies will magically remember how to do half-way sober IT again.