An unsecured Amazon AWS bucket configuration has exposed exclusive information about the world’s leading host provider company GoDaddy.
In June, cybersecurity firm UpGuard’s risk analyst Chris Vickery found out files containing
detailed server information was stored inside an unsecured S3 bucket, a cloud storage service provided by Amazon Web Services.
Looking into the database “abbottgodaddy,” he revealed that it contains multiple versions of data which might go over 31,000 GoDaddy systems.
According to UpGuard, the leaked information had architectural details as well as “high-level configuration information for tens of thousands of systems and pricing options for running those systems in Amazon AWS, including the discounts offered under different scenarios.”
Exposed details include configuration files for hostnames, operating systems, workloads, AWS regions, memory, and CPU specifications.
“Essentially, this data mapped a very large scale AWS cloud infrastructure deployment, with 41 different columns on individual systems, as well as summarized and modeled data on totals, averages, and other calculated fields,” the cybersecurity firm said.
Meanwhile, Amazon has issued a clarification, stating that no GoDaddy customer information was stored in the exposed S3 bucket:
“The bucket in question was created by an AWS salesperson to store prospective AWS pricing scenarios while working with a customer. No GoDaddy customer information was in the bucket that was exposed. While Amazon S3 is secure by default and bucket access is locked down to just the account owner and root administrator under default configurations, the salesperson did not follow AWS best practices with this particular bucket.”