Go Daddy needs “proper disclosure”

Speaking on Go Daddy’s tepid response to a series of malware attacks on its servers, Jason Remillard makes an interesting point on his blog: Could BP learn from our industry?

Perhaps what is really needed here is some good solid case law to remind vendors and service providers of their responsibilities. 

Since April, Go Daddy’s hosting servers have been hit with mass attacks on WordPress,  Joomla,  and plain vanilla HTML sites, infecting thousands of customers with dangerous malware that redirects users to fake AV pages, causing hours of downtime as customers trouble shoot and fix malware.

Go Daddy released this statement in April:

The compromise of your account is outside of the scope of security that we provide . . . Overall security of your password and the content within your account is your responsibility . . .

Wha??? Another wave of attacks was unleashed in May, and one again these past couple of days:

June 8th, 2010: Godaddy Sites Hacked with Cloudisthebestnow:

If you thought your problems at GoDaddy were over, well, not yet.

We’ve confirmed that today at around 3pm EST, GoDaddy servers were hacked again. Malware pointing to cloudisthebestnow.com/kp.php was inserted on thousands of sites hosted by the provider.


Mr. Remillard reminds readers that Tylenol introduced sealed caps because of lawsuits, and McDonald’s reduced the temperature of its coffee because of lawsuits, so the same remedy should be posed here against Go Daddy: lawsuits.

Additional Links: