Unsecured AWS S3 Bucket exposed sensitive data on 31,000 GoDaddy servers

Pierluigi Paganini August 12, 2018

UpGuard discovered an unsecured GoDaddy’s Amazon S3 bucket containing sensitive information related to more than 31,000 GoDaddy systems.

Experts at cybersecurity firm UpGuard have reported that another big company was victim of a data leak, it is the domain name registrar and web hosting company GoDaddy.

The popular UpGuard’s risk analyst Chris Vickery discovered an unsecured GoDaddy’s Amazon S3 bucket containing sensitive information related to more than 31,000 GoDaddy systems.

“The UpGuard Cyber Risk Team has discovered and secured a data exposure of documents appearing to describe GoDaddy infrastructure running in the Amazon AWS cloud, preventing any future exploitation of this information.” reads the post published by UpGuard.

“The documents were left exposed in a publicly accessible Amazon S3 bucket which, according to a statement from Amazon, “was created by an AWS salesperson.”

The expert discovered the unsecured AWS bucket named abbottgodaddy on June 19th, 2018. It was containing several versions of a spreadsheet, the latest one named “GDDY_cloud_master_data_1205 (AWS r10).xlsx.

The document was a 17MB Microsoft Excel file with multiple sheets and tens of thousands of rows.

Each sheet contained data related to the large-scale infrastructure running in the Amazon cloud, such as “high-level configuration information” of company systems and pricing facilities for operating them.

“The exposed configuration information included fields for hostname, operating system, “workload” (what the system was used for), AWS region, memory and CPU specs, and more.” continues the post.

“Essentially, this data mapped a very large scale AWS cloud infrastructure deployment, with 41 different columns on individual systems, as well as summarized and modeled data on totals, averages, and other calculated fields. Also included were what appear to be GoDaddy’s discounts from Amazon AWS, usually restricted information for both parties, who must negotiate for rates– as do GoDaddy’s competitors.”

godaddy data leak

The experts pointed out that the availability of the configuration information for the GoDaddy infrastructure could allow attackers to select targets based on their role, probable data, size, and region.

Competitors, vendors, cloud providers, and others, could also use business data exposed in the unsecured Amazon S3 bucket as a competitive advantage for cloud hosting strategy and pricing.

“From operations as large as GoDaddy and Amazon, to small and medium organizations, anyone who uses cloud technology is subject to the risk of unintentional exposure, if the operational awareness and processes aren’t there to catch and fix misconfigurations when they occur,” concludes UpGuard.

This year many other companies have exposed sensitive data in the same way, including Accenture, FedEx, and Walmart. Even though Amazon S3 buckets are configured by default with a secure configuration, many AWS customers turn off security settings for expedience. This particular data leak was caused by an AWS employee.

“The bucket in question was created by an AWS salesperson to store prospective AWS pricing scenarios while working with a customer,” an Amazon spokesperson said. “No GoDaddy customer information was in the bucket that was exposed. While Amazon S3 is secure by default, and bucket access is locked down to just the account owner and root administrator under default configurations, the salesperson did not follow AWS best practices with this particular bucket.”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – GoDaddy, data leak)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment