Controversies surrounding GoDaddy

In 2002, GoDaddy sued VeriSign for domain slamming[https://www.theregister.co.uk/2003/09/25/verisign_slammed_for_domain_renewal TheRegister.co.uk]: VeriSign slammed for domain renewal scam and again in 2003 over its Site Finder service.{{cite web|date=2003-09-22|title=CircleID 9/22/03|url=http://www.circleid.com/posts/go_daddy_sues_verisign_over_site_finder/|access-date=2009-04-20|publisher=Circleid.com}} This latter suit caused controversy over VeriSign's role as the sole maintainer of the .com and .net top-level domains. VeriSign shut down Site Finder after receiving a letter from ICANN ordering it to comply with a request to disable the service.{{cite web|title=10/3/03|url=http://www.internetnews.com/ent-news/article.php/3087071|access-date=2009-04-20|publisher=Internetnews.com}} In 2006, GoDaddy was sued by Web.com for patent infringement.{{Cite news|last=Berr|first=Jonathan|date=2006-06-21|title=GoDaddy Gets Sued|publisher=TheStreet.com|url=http://www.thestreet.com/tech/internet/10293025.html|url-status=dead|access-date=2006-08-12|archive-url=https://web.archive.org/web/20060716081041/http://www.thestreet.com/tech/internet/10293025.html|archive-date=2006-07-16}}{{Cite news|last=Mills|first=Elinor|date=2006-06-19|title=Domain registrars in court|publisher=CNET|url=http://news.cnet.com/2110-1030_3-6085599.html|archive-url=https://web.archive.org/web/20110616062912/http://news.cnet.com/2110-1030_3-6085599.html|archive-date=2011-06-16}}

On December 19, 2006, GoDaddy received a third-party complaint of invalid domain contact information in the WHOIS database for the domain FamilyAlbum.com.{{cite web|title=Domain Name Wire. "GoDaddy Deletes Domain Name for Inaccurate Email Address." February 27, 2007.|date=27 February 2007 |url=http://domainnamewire.com/2007/02/27/godaddy-deletes-domain-name-for-inaccurate-email-address/|archive-url=https://web.archive.org/web/20070302072828/http://domainnamewire.com/2007/02/27/godaddy-deletes-domain-name-for-inaccurate-email-address/|archive-date=2007-03-02|access-date=2009-04-20}} GoDaddy wrote a letter to the owner of FamilyAlbum.com saying, "Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the WHOIS database is valid data or not... On 12/19/2006 we sent a notice to you at the admin/tech contact email address and the account email address informing you of invalid data in breach of the domain registration agreement and advising you to update the information or risk cancellation of the domain. The contact information was not updated within the specified period of time and we canceled the domain." The editor of "Domain Name Wire" said that since domain names are valuable it was reasonable to expect that the registrar would try to contact the domain owner by phone or postal mail. On February 28, 2007, GoDaddy offered to get the domain name back for the previous owner if he would indemnify GoDaddy from legal action by the new registrant.{{cite web|title=Domain Name Wire. "GoDaddy Responds to Deletion Over Invalid Email Address." February 28, 2007.|date=28 February 2007 |url=http://domainnamewire.com/2007/02/28/godaddy-responds-to-deletion-over-invalid-email-address/|archive-url=https://web.archive.org/web/20070302072506/http://domainnamewire.com/2007/02/28/godaddy-responds-to-deletion-over-invalid-email-address/|archive-date=2007-03-02|access-date=2009-04-20}} GoDaddy stated that the new owner paid $18.99 for the domain, the price of a backorder, not a regular registration. On November 2, 2007, Domain Name Wire reported that it appears that GoDaddy no longer cancels domains for invalid WHOIS.{{cite web|title=Domain Name Wire. "Has GoDaddy Done a 180 on Invalid Whois?" November 2, 2007|date=2 November 2007 |url=http://domainnamewire.com/2007/11/02/has-godaddy-done-a-180-on-invalid-whois/|access-date=2009-04-20|publisher=Domainnamewire.com}} The editor on Domain Name Wire received a message from a reader who is trying to acquire a domain with obviously false WHOIS information. The message from GoDaddy said, "The domain has been suspended due to invalid WHOIS. The domain will remain in suspension through expiration, including the registry's redemption period, unless the owner updates the contact information before that time."

== Suspension of Seclists.org and purchase of No Daddy ==

On January 24, 2007, GoDaddy deactivated the domain of computer security site Seclists.org, taking 250,000 pages of security content offline.{{Cite news|last=McCullagh|first=Declan|date=2007-01-25|title=GoDaddy pulls security site after MySpace complaints|publisher=CNET|url=http://news.cnet.com/2100-1025-6153607.html|archive-url=https://web.archive.org/web/20140714230436/http://news.cnet.com/2100-1025-6153607.html|archive-date=2014-07-14}} The shutdown resulted from a complaint from Myspace to GoDaddy regarding 56,000 usernames and passwords posted a week earlier to the full-disclosure mailing list and archived on the Seclists.org site as well as many other websites. Seclists.org administrator Gordon Lyon, who goes by the handle "Fyodor", provided logs to CNET showing GoDaddy de-activated the domain 52 seconds after leaving him a voicemail and he had to go to great lengths to get the site reactivated. GoDaddy general counsel Christine Jones stated that GoDaddy's terms of service "reserves the right to terminate your access to the services at any time, without notice, for any reason whatsoever."{{cite web|date=July 26, 2011|title=Legal agreement|url=http://www.godaddy.com/agreements/showdoc.aspx?pageid=CONSOLIDATE|access-date=January 27, 2012|publisher=GoDaddy.com}} The site seclists.org is now hosted with Linode. The suspension of seclists.org led Lyon to create NoDaddy.com,{{cite web|title=Archived copy of NoDaddy.com|url=http://nodaddy.com/|archive-url=https://web.archive.org/web/20110627205958/http://nodaddy.com/|archive-date=2011-06-27}} a consumer activist website where dissatisfied GoDaddy customers and whistleblowers from GoDaddy's staff share their experiences.{{cite news|last=Poulsen|first=Kevin|date=2007-01-29|title=GoDaddy, Meet NoDaddy | Threat Level from Wired.com|publisher=Blog.wired.com|url=https://blog.wired.com/27bstroke6/2007/01/godaddy_meet_no.html|access-date=2009-04-20}}{{cite web|last=Newitz|first=Annalee|author-link=Annalee Newitz|date=2007-02-05|title=The Self-Appointed Censors of GoDaddy|url=http://www.alternet.org/story/47669/|access-date=2009-04-20|publisher=AlterNet}} On July 12, 2011, an article in The Register reported that, shortly after Bob Parsons' sale of GoDaddy, the company purchased gripe site No Daddy. The site had returned a top 5 result on Google for a search for GoDaddy.{{cite web|last=Murphy|first=james smith|date=July 12, 2011|title=GoDaddy admits domain transfers on rise|url=http://heluxtech.blogspot.com/2011/12/godaddy-admits-domain-transfers-on-rise.html|access-date=November 27, 2011|publisher=heluxtech}}{{cite web|last=Murphy|first=Kevin|date=July 12, 2011|title=GoDaddy no-no means No Daddy is no-go|url=https://www.theregister.co.uk/2011/07/12/godaddy_shuts_down_nodaddy/|access-date=December 23, 2011|website=The Register}}

On March 11, 2008, GoDaddy shut down RateMyCop.com — a RateMyProfessors-type site where people would comment on their interactions with law enforcement officers. Some reports said there had been complaints from police. A GoDaddy spokesperson said, "Basically, he was paying for compact car, when he really needed a semi-truck."{{cite news|last=Mills|first=Elinor|date=2008-03-12|title=Go Daddy shuts down police-rating Web site|publisher=CNET|url=https://www.cnet.com/news/go-daddy-shuts-down-police-rating-web-site/}} The registrar for the name, Name.com, continued to allow the DNS to resolve, and it is now hosted at Lunarpages. GoDaddy stated the reason for shutting down the Web site had nothing to do with censorship or complaints but that the site was receiving too many simultaneous connections.{{cite web|last=Nussenbaum|first=Evelyn|date=2008-03-12|title=Censorship: GoDaddy is fightin' mad|url=http://valleywag.com/367201/go-daddy-is-fightin-mad|url-status=dead|archive-url=https://web.archive.org/web/20080912044922/http://valleywag.com/367201/go-daddy-is-fightin-mad|archive-date=2008-09-12|access-date=2009-04-20|publisher=Valleywag.com}} In 2006, GoDaddy locked access to the Irish Web site RateYourSolicitor.com after the Irish high court issued an order to remove offensive material about a barrister from the site.{{cite news|author=Trailer park|date=2006-09-16|title=American company blocks off access to 'rate your lawyer' site|publisher=Independent.ie|url=http://www.independent.ie/national-news/american-company-blocks-off-access-to-rate-your-lawyer-site-78642.html|access-date=2009-04-20}}

In March 2010, GoDaddy stopped registering .cn domains (China) due to the high amount of personal information that is required to register in that country. Some called it a public relations campaign, since it closely followed Google's revolt in China.[https://web.archive.org/web/20100329231210/http://ibnlive.in.com/news/after-google-godaddy-pulls-out-of-china/112139-11.html?from=webx After Google, GoDaddy pulls out of China]. GoDaddy's top lawyer Christine Jones told Congress, "We were having to contact Chinese users to ask for their personal information and begrudgingly give it to Chinese authorities. We decided we didn't want to become an agent of the Chinese government."[https://www.wired.com/business/2010/03/godaddy-stops-selling-cn-domains-over-china-censorship-concerns/ Godaddy stops selling cn domains over china censorship concerns], Wired, March 2010

GoDaddy resumed registering .cn domain names in February 2016 as part of its push into the Asia market.{{cite web|date=2016-02-29|title=GoDaddy reintroduces China's .Cn domain name|url=https://domainnamewire.com/2016/02/29/godaddy-china-cn/|access-date=8 June 2021|website=Domain Name Wire}}

On April 1, 2011, animal rights groups including PETA complained when a video of GoDaddy founder & CEO Bob Parsons shooting and killing an elephant at night on a safari in Zimbabwe was made by Parsons and posted on his personal blog.{{cite news|date=2011-04-01|title=Technology|work=Los Angeles Times|url=http://latimesblogs.latimes.com/technology/2011/04/peta-closes-godaddy-account-after-ceo-shoots-elephant.html}} PETA said they would be closing their account with GoDaddy.{{cite web|title=GoDaddy CEO Named 'Scummiest'.|date=29 March 2011 |url=http://www.peta.org/b/thepetafiles/archive/2011/03/29/go-daddy-ceo-named-scummiest-of-the-year.aspx}}

In response to the shooting, Gawker called Parsons "insane"{{cite web |last=Chen |first=Adrian |title=Has GoDaddy's Elephant-Killing CEO Finally Gone Too Far? |url=http://gawker.com/5870851/has-godaddys-elephant+killing-ceo-finally-gone-too-far |publisher=Gawker.com |url-status=dead |archive-url=https://web.archive.org/web/20140213024508/http://gawker.com/5870851/has-godaddys-elephant%2Bkilling-ceo-finally-gone-too-far |archive-date=February 13, 2014 |df=mdy }} and "ridiculous."{{cite web |last=Chen |first=Adrian |title=Meet GoDaddy's Ridiculous Elephant-Killing CEO |url=http://gawker.com/5787676/meet-godaddys-ridiculous-elephant+killing-ceo?tag=godaddy |publisher=Gawker.com |accessdate=2014-02-02 |url-status=dead |archive-url=https://web.archive.org/web/20140220043153/http://gawker.com/5787676/meet-godaddys-ridiculous-elephant%2Bkilling-ceo?tag=godaddy |archive-date=February 20, 2014 |df=mdy }} NBC News said "It's definitely the kind of thing only a super-rich CEO/founder of a {{Sic|hide=y|privately|-}}held company could get away with."{{cite web|title=GoDaddy CEO kills elephant, videotapes act|url=https://www.nbcnews.com/id/wbna42356709|publisher=NBC News Business Insider|access-date=2014-02-02}}

On January 27, 2015, GoDaddy released its Super Bowl ad on YouTube. Called "Journey Home", the commercial featured a Retriever puppy named Buddy who was bounced out of the back of a truck. After making a journey home his owners are relieved because they just sold him on a website that they built with GoDaddy. GoDaddy claims the ad was supposed to be funny and an attempt to make fun of all the puppies shown in Super Bowl ads. Most notably, Budweiser's famous Super Bowl ad also featured a Retriever puppy.{{cite news|date=2015-01-28|title=– GoDaddy Pulls 2015 Super Bowl Ad After Slew Of Negative Feedback From Animal Advocates|work=Huffington Post|url=https://www.huffingtonpost.com/2015/01/28/godaddy-2015-super-bowl-ad_n_6557548.html|access-date=2015-01-27}} The ad found very few fans from the online community. Animal advocates took to social media calling the ad disgusting, callous and that the commercial advocated puppy mills. An online petition collected 42,000 signatures.{{cite news|last1=Frankilin|first1=Dallas|date=28 January 2015|title=GoDaddy pulls controversial Super Bowl puppy ad|work=KFOR-TV|url=http://kfor.com/2015/01/28/see-why-godaddy-pulled-their-puppy-super-bowl-ad/|access-date=8 October 2017}}

GoDaddy's CEO, Blake Irving, wrote a blog entry later that day promising that the commercial would not air during the Super Bowl. He wrote on his blog "At the end of the day, our purpose at GoDaddy is to help small businesses around the world build a successful online presence. We hoped our ad would increase awareness of that cause. However, we underestimated the emotional response. And we heard that loud and clear." He goes on to say that Buddy was purchased from a reputable breeder and is part of the GoDaddy family as Chief Companion Officer.{{cite web|title=– We're listening, message received|url=https://garage.godaddy.com/godaddy/message-received-loud-clear/|access-date=2015-01-27|publisher=GoDaddy.org}}

In July 2011, GoDaddy introduced a policy of blocking DNS queries from some outside DNS servers, in order to prevent other DNS queries from being too slow. Among other things, this prevents some bots from visiting websites, forcing some search engines to exclude domains hosted with GoDaddy.

With this policy, they are choosing to allow their DNS servers to be under-provisioned (meaning that their servers are unable to gracefully handle their normal load). To prevent slow DNS, which would generate complaints quickly, they decided to block 100% of packets from hand-picked DNS servers based on volume and visibility. This reduces load somewhat, while making it difficult for customers to pinpoint GoDaddy as the problem. This policy also affects search engine ranking for various GoDaddy customers who have multiple domains with different registrars.

GoDaddy has refused to comment on the policy or the perception that their servers cannot handle the load or they are giving preference to their platinum level customers at first. It has also interfered with projects that collect Internet statistics.{{cite web|last=Perry|first=R. Scott|title=GoDaddy's New "Selective DNS Blackouts" Policy|url=http://rscott.org/dns/GoDaddy_Selective_DNS_Blackouts.htm|access-date=1 September 2011}}

In September 2011, GoDaddy made an official statement from Rich Merdinger, now Vice President of Domains at GoDaddy, and claim that this is to protect GoDaddy users' privacy, and that they're ensuring that DNS records are being accessed properly and not being harvested for unintended uses.{{cite web|last=Perry|first=R. Scott|title=UPDATE on GoDaddy's New "Selective DNS Blackouts" Policy|url=http://rscott.org/dns/GoDaddy_Selective_DNS_Blackouts_Update.htm|access-date=2 September 2011}}

On December 11, 2011, rival domain name registrar Namecheap claimed that GoDaddy was in violation of ICANN rules by providing incomplete information in order to hinder the protest moves of domain names from GoDaddy to Namecheap,{{cite web|date=2011-12-26|title=Namecheap accuses GoDaddy of stalling anti-SOPA defections|url=http://www.electronista.com/articles/11/12/26/namecheap.says.godaddy.breaking.icann.rules/|url-status=dead|archive-url=https://web.archive.org/web/20130729050251/http://www.electronista.com/articles/11/12/26/namecheap.says.godaddy.breaking.icann.rules/|archive-date=2013-07-29|access-date=2013-07-14|publisher=Electronista}} an accusation which GoDaddy denied, claiming that it was following its standard business practice to prevent WHOIS abuse.{{citation needed|date=November 2019}} GoDaddy still maintains the strict policy of 60-day lock in inter-registrar domain transfers, if there was a change in registrant information. Many other registrars are giving an option for their customers to opt out from this 60-day lock as per the ICANN Policy which states: "The Registrar must impose a 60-day inter-registrar transfer lock following a Change of Registrant, provided, however, that the Registrar may allow the Registered Name Holder to opt out of the 60-day inter-registrar transfer lock prior to any Change of Registrant request".{{citation needed|date=February 2021}}

At this time GoDaddy does allow customers who update their domain contact information to opt-out of the 60-day lock upon verification.{{citation needed|date=February 2021}}

On December 22, 2011, a thread{{cite web|title=GoDaddy supports SOPA, I'm transferring 51 domains & suggesting a move your domain day|date=22 December 2011 |url=https://www.reddit.com/r/politics/comments/nmnie/godaddy_supports_sopa_im_transferring_51_domains/|access-date=22 December 2011}} was started on the social news website Reddit, discussing the identity of supporters of the United States Stop Online Piracy Act (SOPA), which included GoDaddy. GoDaddy subsequently released additional statements supporting SOPA. A boycott and transfer of domains were proposed. This quickly spread across the Internet, gained support, and was followed by a proposed Boycott GoDaddy day on December 29, 2011.{{cite web|title=Boycott GoDaddy Over Their Support of SOPA|url=http://godaddyboycott.org|access-date=22 December 2011}} One strong supporter of this action was Cheezburger CEO Ben Huh, who threatened that the organization would remove over 1,000 domains from GoDaddy if they continued their support of SOPA.{{cite web|last=Greg|first=Kumparak|title=Cheezburger's Ben Huh: If GoDaddy Supports SOPA, We're Taking Our 1000+ Domains Elsewhere|url=https://techcrunch.com/2011/12/22/cheezburgers-ben-huh-if-godaddy-supports-sopa-were-taking-our-1000-domains-elsewhere/|access-date=23 December 2011|work=Techcrunch Article|date=22 December 2011 |publisher=techcrunch}} Wikipedia founder Jimmy Wales also announced that all Wikipedia domains would be moved away from GoDaddy as their position on SOPA was "unacceptable".{{cite tweet|last=Wales|first=Jimmy|user=jimmy_wales|number=150287579642740736|date=23 December 2011|title=I am proud to announce that the Wikipedia domain names will move away from GoDaddy. Their position on #sopa is unacceptable to us.|access-date=13 January 2016}} After a brief campaign on Reddit, Imgur owner Alan Schaaf transferred his domain from GoDaddy.{{cite web|last=Schaaf|first=Alan|title=Alan Schaaf Reddit post|date=23 December 2011 |url=https://www.reddit.com/r/technology/comments/nnynm/imgurcom_is_with_godaddy_alan_schaaf_the_founder/c3al6ld|access-date=24 December 2011}}

GoDaddy pulled its support for SOPA on December 23, releasing a statement saying "GoDaddy will support it when and if the Internet community supports it."{{cite web|last=Lowensohn|first=Josh|date=2011-12-23|title=GoDaddy spanks SOPA, yanks support|url=http://news.cnet.com/8301-13578_3-57347915-38/go-daddy-spanks-sopa-yanks-support/|archive-url=https://web.archive.org/web/20111225062609/http://news.cnet.com/8301-13578_3-57347915-38/go-daddy-spanks-sopa-yanks-support/|archive-date=2011-12-25|publisher=CNET}}{{cite web|title=GoDaddy No Longer Supports SOPA|url=http://www.godaddy.com/newscenter/release-view.aspx?news_item_id=378|access-date=December 23, 2011|publisher=GoDaddy}} Later that day, CEO Warren Adelman couldn't commit to changing GoDaddy's position on the record in Congress when asked, but said "I'll take that back to our legislative guys, but I agree that's an important step."{{cite web|last=Coldewey|first=Devin|title=GoDaddy CEO: "There Has To Be Consensus About The Leadership Of The Internet Community"|date=23 December 2011 |url=https://techcrunch.com/2011/12/23/godaddy-ceo-there-has-to-be-consensus-about-the-leadership-of-the-internet-community/}} When pressed, he said "We're going to step back and let others take leadership roles." He felt that the public statement removing their support would be sufficient for now, though further steps would be considered. Further outrage was due to the fact that many Internet sites and domain registrars would be subject to shutdowns under SOPA, but GoDaddy is in a narrow class of exempted businesses that would have immunity, where many other domain operators would not.{{cite web|last=Franzen|first=Carl|date=15 December 2011|title=SOPA Hearing Will Never End | TPM Idea Lab|url=http://idealab.talkingpointsmemo.com/2011/12/sopa-hearing-will-never-end.php|url-status=dead|archive-url=https://web.archive.org/web/20111228105355/http://idealab.talkingpointsmemo.com/2011/12/sopa-hearing-will-never-end.php|archive-date=28 December 2011|access-date=23 December 2011|work=talkingpointsmemo.com}}

By December 24, 2011, GoDaddy had lost 37,000 domains as a result of the boycott.{{cite news|last1=Peckham|first1=Matt|title=GoDaddy Boycott over SOPA Support Still On, Exodus Looms|agency=TIME|url=https://techland.time.com/2011/12/29/godaddy-boycott-over-sopa-support-still-on-exodus-looms/|access-date=1 September 2019}} GoDaddy gained a net 20,748 domains.{{cite web|title=Godaddy Boycott Fizzles;Twice as many domains transfer in as out|date=30 December 2011 |url=http://www.techdirt.com/articles/20111230/01453717233/godaddy-boycott-fizzles-twice-as-many-domains-transfer-as-out.shtml|publisher=Techdirt}}{{cite web|title=GoDaddy Boycott Fizzles And May Work In Company's Favor|url=http://www.business2community.com/trends-news/godaddy-boycott-fizzles-and-may-work-in-companys-favor-0115027|publisher=Business2Community}}

On September 10, 2012, a major networking failure caused by corrupted router tables resulted in a DNS outage intermittently affecting millions of customers' sites for a period of 4.5 hours.{{Cite news|last=Goodin|first=Dan|date=2012-09-11|title=Ars Technica|url=https://arstechnica.com/security/2012/09/godaddy-outage-caused-by-router-snafu-not-ddos-attack/|access-date=2012-09-11}}{{cite web|title=GoDaddy Outage Takes Down Millions Of Sites, Anonymous Member Claims Responsibility|date=10 September 2012 |url=https://techcrunch.com/2012/09/10/godaddy-outage-takes-down-millions-of-sites|access-date=2012-09-10}} Initial reports attributed it to a DDOS attack. This claim was disputed by Wagner, who stated that the isolated incident was due to internal mistakes that led to corrupt data tables. Wagner stood by the quality of GoDaddy's infrastructure, citing a 99.999% uptime.{{cite web|title=GoDaddy Site Outage Investigation Completed|url=http://www.godaddy.com/newscenter/release-view.aspx?news_item_id=410|publisher=GoDaddy}} GoDaddy later said in an apology e-mail to its customers on September 14, 2012, that the outage was due to the corruption of router data tables,{{cite web|title=GoDaddy stopped by massive DDoS attack|url=https://www.theregister.co.uk/2012/09/10/godaddy_ddos_attack/|work=theregister.co.uk}}{{cite news|date=2012-09-11|title=GoDaddy Says Crash Wasn't Anonymous, It Wasn't A Hack, It Wasn't A DDoS. It Was Internal Network Issues|work=TechCrunch|url=https://techcrunch.com/2012/09/11/godaddy-says-it-wasnt-anonymous-it-wasnt-a-hack-it-wasnt-a-ddos-it-was-internal-network-issues/|access-date=2013-07-14}} confirming indications that millions of web sites and e-mails were affected.

In April 2019, GoDaddy removed more than 15,000 fraudulent website sub-domains after Jeff White, a cyber-security researcher at Palo Alto Networks' Unit 42 threat intelligence team, discovered a massive scam where criminals were selling products, such as weight loss pills, through an affiliate marketing program using compromised websites to add legitimacy to their products and services.

The products and services were also shown to be endorsed by celebrities, such as Stephen Hawking, Jennifer Lopez and Gwen Stefani, although none of them are believed to have been involved in these activities.{{Cite web|date=2019-04-29|title=GoDaddy Takes Down 15,000 Fraudulent Subdomains of Compromised Websites|url=https://app.beebom.com/godaddy-takes-15000-fraudulent-subdomains-compromised-websites/|access-date=2019-04-30|website=Beebom|language=en-US|archive-date=2020-12-01|archive-url=https://web.archive.org/web/20201201140053/https://app.beebom.com/godaddy-takes-15000-fraudulent-subdomains-compromised-websites/|url-status=dead}}

On October 19, 2019, GoDaddy experienced a security breach that affected 28,000 customer's hosting accounts. The breach lasted for a period of six months before detection by the company's security team on April 23, 2020. The breach was conducted by utilizing an altered SSH file and targeted customer's hosting information, compromising the usernames and passwords of the accounts involved.{{cite web|last1=Sergiu|first1=Gatlan|title=GoDaddy confirms security breach affecting 28,000 hosting accounts|url=https://www.bleepingcomputer.com/news/security/godaddy-notifies-users-of-breached-hosting-accounts/|access-date=6 May 2020|website=bleepingcomputer.com|publisher=Bleeping Computer}}{{cite web|last1=Winder|first1=Davey|title=GoDaddy Confirms Data Breach: What Customers Need To Know|url=https://www.forbes.com/sites/daveywinder/2020/05/05/godaddy-confirms-data-breach-what-19-million-customers-need-to-know/#20f670cb1daa|access-date=6 May 2020|work=Forbes}}

On November 17, 2021, GoDaddy discovered unauthorized third-party access to their Managed WordPress hosting environment that affected up to 1.2 million of their clients, thus exposing their email addresses and phone numbers. In addition to that it had also exposed WordPress admin passwords, SSL keys and sFTP passwords.{{Cite news|date=2021-11-22|title=GoDaddy security breach exposes WordPress users' data|language=en|work=Reuters|url=https://www.reuters.com/technology/godaddy-security-breach-exposes-wordpress-users-data-2021-11-22/|access-date=2021-11-23}}{{Cite web|date=2021-11-17|title=GoDaddy Announces Security Incident Affecting Managed WordPress Service|url=https://www.sec.gov/Archives/edgar/data/1609711/000160971121000122/gddyblogpostnov222021.htm}}

On February 16, 2023, GoDaddy revealed it had been hacked again by the same actors from the previous breaches, with customer's websites being intermittently redirected.{{Cite web |last=Goodin |first=Dan |date=2023-02-17 |title=GoDaddy says a multi-year breach hijacked customer websites and accounts |url=https://arstechnica.com/information-technology/2023/02/godaddy-says-a-multi-year-breach-hijacked-customer-websites-and-accounts/ |access-date=2023-02-20 |website=Ars Technica |language=en-us}}{{Cite web |title=Statement on recent website redirect issues |url=https://aboutus.godaddy.net/newsroom/company-news/news-details/2023/Statement-on-recent-website-redirect-issues/default.aspx |access-date=2023-02-20 |website=aboutus.godaddy.net |language=en-US}}

In October 2020, US Justice Department seized Kata'ib Hezbollah propaganda websites hosted by GoDaddy. The seized websites, aletejahtv.com and kataibhezbollah.com, were used by the group to recruit new members and promote extremist propaganda.{{Cite web|last=Hall|first=Kevin G.|date=2020-10-21|title=Despite U.S. sanctions, Iranian broadcaster pumps out propaganda with aid of Broward firm|website=Miami Herald |url=https://www.miamiherald.com/news/state/florida/article246498665.html}}{{Cite web|title=US blocks propaganda websites registered by Iran-backed militia|url=https://www.stripes.com/news/us-blocks-propaganda-websites-registered-by-iran-backed-militia-1.643750|access-date=2020-11-05|website=Stars and Stripes}} A number of counter terrorism organisations, including Counter Extremist Project (CEP), have previously called on GoDaddy to stop providing domain registrar services to such parties.{{Cite web|date=2020-10-27|title=U.S. Justice Department Seizes Kata'ib Hezbollah Propaganda Websites|url=https://www.counterextremism.com/blog/us-justice-department-seizes-kata%E2%80%99ib-hezbollah-propaganda-websites|access-date=2020-11-05|website=Counter Extremism Project|language=en}}

In December 2020, during the COVID-19 pandemic and the associated economic crisis the company tricked employees into thinking they had earned a bonus of $650.00, instead they were told they had failed a phishing test and were required to do social engineering training. After significant criticism in the media as 'cruel' and 'stupid' the company apologized to its staff but did not offer actual bonuses.{{refn|{{Cite web|last=Sottek|first=T. C.|date=2020-12-24|title=GoDaddy wins our 2020 award for most evil company email|url=https://www.theverge.com/2020/12/24/22199406/godaddy-wins-2020-stupidity-award|access-date=2020-12-24|website=The Verge|language=en}}{{Cite web|title=GoDaddy phishing 'test' teased employees with a fake holiday bonus|url=https://www.engadget.com/godaddy-sent-fake-phising-email-promising-holiday-bonus-220756457.html|access-date=2020-12-24|website=Engadget|language=en}}{{Cite web|date=2020-12-25|title=GoDaddy apologises for fake Christmas bonus email security test|url=https://www.france24.com/en/live-news/20201225-godaddy-apologises-for-fake-christmas-bonus-email-security-test|access-date=2020-12-26|website=France 24|language=en}}{{Cite web|title=GoDaddy apologizes for "insensitive" phishing email offering bonuses to employees|url=https://www.cbsnews.com/news/godaddy-apologizes-insensitive-phishing-email-bonuses-employees/|access-date=2020-12-26|website=www.cbsnews.com|date=25 December 2020 |language=en-US}}{{Cite web|last=Murillo|first=Ana Lucia|date=2020-12-26|title=GoDaddy Apologizes for Email Baiting Employees With Fake Holiday Bonus|url=https://www.thedailybeast.com/godaddy-apologizes-for-email-baiting-employees-with-fake-holiday-bonus|access-date=2020-12-26|website=The Daily Beast|language=en}}}}

On January 11, 2021, the company deplatformed the web forum AR15.com following the U.S. Capitol attack.{{cite news|author=Michael Lee|date=January 11, 2021|title=Amazon partner GoDaddy boots gun site from its servers|newspaper=Washington Times|url=https://www.washingtonexaminer.com/news/amazon-godaddy-boots-gun-site}} GoDaddy told Axios that the action was due to the site's failure to moderate content "that both promoted and encouraged violence."{{Cite web|last=Markay|first=Lachlan|date=13 January 2021|title="GOP digital operatives aim to avoid "deplatforming"|url=https://www.axios.com/gop-digital-operatives-technology-b58e0162-75a6-4626-b813-da5743231173.html|website=Axios}} The National Shooting Sports Foundation, in a message from its president, condemned what it called the "de-platforming of gun sites" as a "dark harbinger" for discussion of controversial issues and an "indiscriminate silencing of opinion and debate."{{Cite web|date=2021-01-15|title=De-platforming of Gun Sites is a Dark Harbinger|url=https://www.nssf.org/articles/de-platforming-of-gun-sites-is-a-dark-harbinger/|access-date=2021-11-23|website=NSSF|language=en-US}}

In September 2021 the company cancelled a contract with the anti-abortion group Texas Right to Life who were running a website encouraging whistleblowing of those who were breaking the Texas Heartbeat Act. Owned by the Texas Right to Life group, the website was used as a platform for the public to submit tips on suspected pregnancy terminations in Texas. In a statement to Ars Technica, Texas Right to Life Director of Media and Communication Kimberlyn Schwartz noted that, "We will not be silenced. If anti-Lifers want to take our website down, we'll put it back up."{{Cite web|title=GoDaddy Is Booting A Site That Sought Anonymous Tips About Texas Abortions|url=https://www.npr.org/2021/09/03/1034188184/texas-abortions-godaddy-website-anonymous-tips|access-date=2021-09-04|website=NPR.org|language=en}}{{Cite web|last=Hollister|first=Sean|date=2021-09-03|title=GoDaddy is cutting off Texas Right to Life's abortion 'whistleblowing' website|url=https://www.theverge.com/2021/9/3/22656196/godaddy-texas-right-for-life-abortion-whistleblowing-site|access-date=2021-09-04|website=The Verge|language=en}}{{Cite web|title=GoDaddy kicks Texas abortion "whistleblower" website off its platform|url=https://www.techradar.com/news/godaddy-boots-texas-abortion-whistleblower-website|access-date=2021-09-04|website=TechRadar.com|language=en}}

On May 1, 2024, the company restricted access to their DNS API to accounts that had either 10 or more domains or a Discount Domain Club subscription, breaking websites that use Let's Encrypt or other ACME CAs with the DNS-01 challenge unless the site owner has a subscription or uses workarounds such as acme-dns.{{Cite web |date=2024-05-12 |title=How Replace GoDaddy API for DNS Challenge |url=https://community.letsencrypt.org/t/how-replace-godaddy-api-for-dns-challenge/218249 |access-date=2024-09-30 |website=Let's Encrypt Community Support |language=en}}{{Cite web |date=2024-04-03 |title=DNS Challenge with GoDaddy API Failed |url=https://community.letsencrypt.org/t/dns-challenge-with-godaddy-api-failed/215938 |access-date=2024-09-30 |website=Let's Encrypt Community Support |language=en}}{{Cite web |last=iamyogo |date=2024-05-21 |title=PSA: GoDaddy has changed its API access. Affects ACME/LetsEncrypt |url=https://www.reddit.com/r/PFSENSE/comments/1cwuwdo/psa_godaddy_has_changed_its_api_access_affects/?rdt=56405 |access-date=2024-09-30 |website=r/PFSENSE}}{{Cite web |last=varmintp |date=2023-02-01 |title=Issue with Godaddy DNS API |url=https://www.reddit.com/r/letsencrypt/comments/10qex9x/issue_with_godaddy_dns_api/?rdt=40760 |access-date=2024-09-30 |website=r/letsencrypt}}{{Cite web |date=2024-06-02 |title=GoDaddy no longer allows API access to clients (e.g. for DNS-based cert renewal) if you have less than 50 domains |url=https://community.letsencrypt.org/t/godaddy-no-longer-allows-api-access-to-clients-e-g-for-dns-based-cert-renewal-if-you-have-less-than-50-domains/219377 |access-date=2024-09-30 |website=Let's Encrypt Community Support |language=en}}{{Cite web |last=whole_kernel |date=2024-05-08 |title=Warning: Godaddy silently cut access to their DNS API unless you pay them more money. If you're using Godaddy domain with letsencrypt or acme, be aware because your autorenewal will fail. |url=https://www.reddit.com/r/selfhosted/comments/1cnipp3/warning_godaddy_silently_cut_access_to_their_dns/?share_id=KqHj3BJOye8QM2c-jMLeH&rdt=54763 |access-date=2024-09-30 |website=r/selfhosted}}{{Cite web |last=Allemann |first=Andrew |date=2024-06-03 |title=Developers frustrated by recent GoDaddy API restrictions |url=https://domainnamewire.com/2024/06/03/developers-frustrated-by-recent-godaddy-api-restrictions/ |access-date=2024-11-06 |website=Domain Name Wire {{!}} Domain Name News |language=en-US}}

{{Reflist}}

• [https://godaddy.com Official website]

Category:GoDaddy

Category:Domain name seizures by United States