Business Secrets of GoDaddy have been exposed due to a misconfigured Amazon AWS bucket which led to leakage of information of the hosting provider GoDaddy. The documents left in AWS S3 bucket were available to the public. The information consisted of GoDaddy’s architecture and a high-level configuration of tens of thousands of Servers and pricing options including the discounts offered by the company.
The information also consisted of hostnames, OS, workloads of different servers. The data also included AWS regions, memory, CPU specifications totalling 24000 systems.
“Essentially, this data mapped a very large scale AWS cloud infrastructure deployment, with 41 different columns on individual systems, as well as summarized and modeled data on totals, averages, and other calculated fields,” the cybersecurity firm said.
There is also a bucket named “ABBOTTGODADDY” consisting of business information relating to price negotiations between GoDaddy and AWS. This would have been a nightmare for GoDaddy if the information were to be discovered by bad threat actors. The security failure is due to a salesperson not following best practices in storing the data.
GoDaddy has also issued a statement saying the documents exposed were not related to the current projects between Amazon and GoDaddy.
Even though GoDaddy and Amazon are some of the biggest hosting organisations there will be small and medium organisations that can be affected due to the same configuration errors.
The information leak was found by UpGuard on June 19. It was over a month before GoDaddy replied to the advisory, eventually correctly configuring the bucket on July 26.
Take your time to comment on this article.
