Data on 31,000 GoDaddy servers was inadvertently exposed due to an AWS misconfiguration
- The data exposure was caused by a publicly accessible Amazon S3 bucket.
- The data exposed included high-level configuration information for thousands of systems, along with AWS pricing options.
Another day, another accidental data leak. An Amazon Web Services (AWS) misconfiguration exposed documents describing around 31,000 GoDaddy servers, including GoDaddy infrastructure running in the AWS cloud.
The leak was discovered by security researchers at UpGuard and has since been secured. The exposed data included per-system configuration fields such as hostname, operating system, AWS region, memory and CPU specs, and more. The exposure also revealed the discounts GoDaddy receives from AWS.
“With 17.5M customers, and 76M domain names, GoDaddy is a critical part of internet infrastructure, and their cloud utilization operates at one of the largest scales in existence,” UpGuard researchers wrote in a blog post.
Earlier this year AWS added safeguards to flag publicly accessible S3 buckets to account owners. The change came after a spate of similar accidental data exposures that affected numerous organizations, both private and public, including the Pentagon, the NSA, the US Army and defense contractors.
An S3 bucket is readable only by its owning account until its permissions are changed; a bucket ACL grant to the AllUsers or AuthenticatedUsers group, or a bucket policy that allows access to any principal, opens its contents to anyone on the internet. Under AWS's shared responsibility model such a misconfiguration is usually an error made by the customer; in this case, however, the bucket was created and misconfigured by Amazon's own staff.
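The two ways a bucket becomes public, a bucket ACL grant to an AWS predefined group and a bucket policy with an open principal, are what an audit script has to look for. The following is an added example (not from the article, from UpGuard, or from AWS) that checks ACL and policy documents in the shape returned by boto3's `get_bucket_acl()` and `get_bucket_policy()`; the documents here are constructed samples, and in practice you would fetch them from the API with credentials holding `s3:GetBucketAcl` and `s3:GetBucketPolicy` (assumed).

```python
"""Audit an S3 bucket's ACL and bucket policy for public access grants.

Added example, not code from the original article or from UpGuard/AWS.
The sample ACL and policy documents at the bottom are constructed for
illustration and do not come from the GoDaddy incident.
"""
import json

# S3 predefined groups whose grants make a bucket public.
# AllUsers: anyone on the internet, no credentials needed.
# AuthenticatedUsers: any AWS account at all, which is effectively public.
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}


def acl_public_grants(acl):
    """Return [(group, permission), ...] for every ACL grant to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEE_URIS:
            findings.append((PUBLIC_GRANTEE_URIS[grantee["URI"]], grant["Permission"]))
    return findings


def _principal_is_anyone(principal):
    """True for Principal "*" or {"AWS": "*"} (matches any caller, including anonymous)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False


def policy_public_statements(policy_json):
    """Return (Sid, actions, has_condition) for Allow statements open to everyone.

    Conditioned statements are reported too: a Condition (e.g. aws:SourceIp)
    may narrow the grant, but it still needs a human to confirm that.
    """
    policy = json.loads(policy_json) if isinstance(policy_json, str) else policy_json
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    findings = []
    for stmt in statements:
        if stmt.get("Effect") == "Allow" and _principal_is_anyone(stmt.get("Principal")):
            actions = stmt.get("Action", [])
            actions = [actions] if isinstance(actions, str) else actions
            findings.append((stmt.get("Sid", "<no Sid>"), actions, "Condition" in stmt))
    return findings


def is_bucket_public(acl, policy_json=None):
    """True if either the ACL or the bucket policy grants access to everyone."""
    if acl_public_grants(acl):
        return True
    return bool(policy_json) and bool(policy_public_statements(policy_json))


# --- constructed sample documents (hypothetical owner ID, not real) ---
OWNER = {"Type": "CanonicalUser", "ID": "OWNER-CANONICAL-ID"}
SAMPLE_ACL_PRIVATE = {"Owner": {"ID": OWNER["ID"]},
                      "Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]}
SAMPLE_ACL_PUBLIC = {"Owner": {"ID": OWNER["ID"]}, "Grants": [
    {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}
SAMPLE_POLICY_PRIVATE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "OwnerOnly", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"}]})
SAMPLE_POLICY_PUBLIC = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})

if __name__ == "__main__":
    for name, acl, pol in [("private", SAMPLE_ACL_PRIVATE, SAMPLE_POLICY_PRIVATE),
                           ("acl-public", SAMPLE_ACL_PUBLIC, None),
                           ("policy-public", SAMPLE_ACL_PRIVATE, SAMPLE_POLICY_PUBLIC)]:
        print(name, "public" if is_bucket_public(acl, pol) else "private",
              acl_public_grants(acl), policy_public_statements(pol) if pol else [])
```

Note the distinction between the two permission levels: a bucket-level READ grant only lets the grantee list object keys, which is how exposed buckets are typically found in the first place, while reading the objects themselves requires object ACL grants or a policy statement like the `PublicRead` one above, so an audit should check both.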
“The bucket in question was created by an AWS salesperson to store prospective AWS pricing scenarios while working with a customer,” an AWS spokesperson told Engadget. “No GoDaddy customer information was in the bucket that was exposed.”
“While Amazon S3 is secure by default and bucket access is locked down to just the account owner and root administrator under default configurations, the salesperson did not follow AWS best practices with this particular bucket,” the AWS spokesperson added. “As for the documents that were exposed, they were speculative models from an AWS employee and do not reflect work currently underway with Amazon.”