
Domain Incite GoDaddy ordered to stop lying about crappy security

GoDaddy has agreed to roll out some pretty basic security measures and has been told to stop lying about how secure its hosting is, under an agreement with US regulators. It turns out that the company, while claiming that security “was at the core of everything we do”, was failing to do some pretty basic […]

The post GoDaddy ordered to stop lying about crappy security first appeared on Domain Incite.

 
.. so easy to bash a company... every company has its imperfections and vulnerabilities.. I am sure, Domain Incite isn't 1000% bulletproof either :) .. security is a complex process, especially the larger you grow..
 
.. doing morning works and watching Bill Burr talking about the fire experts :D :D

.. funny enough, there are some similarities here
 

Good morning :)

yes, I did read through the document broadly (and also asked deepseek to analyze it.. btw, have you tried it - it's brilliant!). My stand here is to learn from it to manage my small hosting company Hostmaria better.

and, after attending countless conferences and conventions, it seems that no company is perfect when it comes to security - it’s always a work in progress.

There is a saying that (somewhere from the Book): “Let the first stone be thrown by someone without sin.”

for some, this situation with GoDaddy is a good opportunity to bash them, and for us in the industry - to rethink our own practices and see where we can do better.

:)

have you tried the deepseek? :) .. let me get a reference where and who mentioned it.. I love it :)
 

the mention is exactly at 2:42:00


.. finished watching it yesterday - took me 3 days to complete it without distractions :D :D
 
it seems that no company is perfect when it comes to security - it’s always a work in progress.

There's work in progress then there's just incredibly poor.

In November 2021, a spike in customer inquiries alerted GoDaddy to a compromise of its WordPress Managed Hosting service in the Shared Hosting environment. A threat actor used previously compromised credentials to access an internet-facing API that enabled customer service staff to retrieve information on GoDaddy’s customers. The API could be queried for several types of data: (1) customers’ email addresses; (2) private encryption keys; and (3) three types of credentials—their WordPress administration credentials; credentials to a database where the customer could store data associated with their site; and their secure File Transfer Protocol credentials, which customers use to upload files to their sites. GoDaddy used sequential customer IDs for each customer account, enabling the threat actor to easily query for additional customers’ data. The threat actor queried the API for 1.2 million customers’ data, including data of nearly 700,000 customers in the United States. Because of its limited logging practices, GoDaddy was unable to determine which data elements the threat actor accessed for each customer.

In remediating the Managed WordPress incident, GoDaddy placed the API behind an application firewall so it could not be accessed from the internet, but it has since removed that protection. GoDaddy notified the affected customers, reset their credentials, and revoked the certificates associated with potentially compromised private keys. GoDaddy attempted to rekey the certificates on its customers’ behalf, and, where it could not, provided instructions on how to do so.
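
For hosts that want to check their own support APIs against the pattern in the passage quoted above (one credential walking sequential customer IDs, with logging too thin to reconstruct it), here is a detection sketch. It is an added example, not part of the thread or of GoDaddy's systems; it assumes the API logs a timestamp, the calling credential and the customer ID for every lookup, and the credential names, IDs and thresholds are constructed.

```python
from collections import defaultdict

def build_sample_log():
    # Constructed data: a support agent doing scattered lookups, and one
    # credential walking consecutive customer IDs one second apart.
    log = [(1000 + 90 * i, "agent-17", cid)
           for i, cid in enumerate([5012, 88, 7301, 412, 9120, 3377])]
    log += [(2000 + i, "svc-legacy", 40000 + i) for i in range(60)]
    return sorted(log)

def flag_enumeration(records, window=300, min_distinct=25, min_seq_ratio=0.8):
    """Return {credential: (distinct_ids, sequential_ratio)} for credentials
    whose lookups inside any `window` seconds look like an ID walk."""
    by_cred = defaultdict(list)
    for ts, cred, cid in sorted(records):
        by_cred[cred].append((ts, cid))
    findings = {}
    for cred, events in by_cred.items():
        start = 0
        for end in range(len(events)):
            # Slide the window start forward so it spans at most `window` s.
            while events[end][0] - events[start][0] > window:
                start += 1
            ids = [cid for _, cid in events[start:end + 1]]
            distinct = len(set(ids))
            if distinct < min_distinct:
                continue
            # Share of back-to-back requests whose IDs differ by exactly 1.
            steps = sum(1 for a, b in zip(ids, ids[1:]) if abs(b - a) == 1)
            ratio = steps / (len(ids) - 1)
            if ratio >= min_seq_ratio and distinct > findings.get(cred, (0, 0.0))[0]:
                findings[cred] = (distinct, round(ratio, 2))
    return findings

if __name__ == "__main__":
    for cred, (count, ratio) in flag_enumeration(build_sample_log()).items():
        print(f"ALERT {cred}: {count} distinct customer IDs, {ratio:.0%} sequential")
```

The check only works if each request's customer ID is logged in the first place; non-sequential (random) customer identifiers and per-credential rate limits reduce the exposure rather than just detecting it.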
 
