AWS S3 Bucket exposed sensitive data of GoDaddy

Info about 31000 servers leaked

 

An unsecured Amazon AWS bucket configuration has exposed exclusive information about the world’s leading host provider company GoDaddy. The news had been confirmed by Mumbai based cyber expert Sanyog Shelar.

In June, cybersecurity firm UpGuard’s risk analyst Chris Vickery found out files containing
detailed server information was stored inside an unsecured S3 bucket, a cloud storage service provided by Amazon Web Services.

Looking into the database “abbottgodaddy,” he revealed that it contains multiple versions of data which might go over 31,000 GoDaddy systems.

According to UpGuard, the leaked information had architectural details as well as “high-level configuration information for tens of thousands of systems and pricing options for running those systems in Amazon AWS, including the discounts offered under different scenarios.”

Exposed details include configuration files for hostnames, operating systems, workloads, AWS regions, memory, and CPU specifications.

“Essentially, this data mapped a very large scale AWS cloud infrastructure deployment, with 41 different columns on individual systems, as well as summarized and modeled data on totals, averages, and other calculated fields,” the cybersecurity firm said.

UpGuard notified GoDaddy of the discovery shortly after uncovering the exposed storage bucket, but GoDaddy didn’t secure the information for over five weeks. In that time, when checking up on the progress of his report, Vickery was told that it’s typical for there to be a delay following security reports such as this one.

Source : Medium

Leave A Reply

Your email address will not be published.