An open Amazon AWS S3 bucket that exposed GoDaddy's cloud configuration information was originated with an AWS salesperson, according to Amazon, and secured after the UpGuard Cyber Risk Team that discovered it notified the domain name registrar.
Noting that GoDaddy with its 17.5 million customers and 76 million domain names, “is a critical part of internet infrastructure, and their cloud utilization operates at one of the largest scales in existence,” UpGuard said in a blog post, the data in the bucket, discovered June 19 by the security company Cyber Risk Analyst Chris Vickery “mapped a very large scale AWS cloud infrastructure deployment, with 41 different columns on individual systems, as well as summarized and modeled data on totals, averages, and other calculated fields.”
The configuration information revealed included “fields for hostname, operating system, “workload” (what the system was used for), AWS region, memory and CPU specs, and more,” UpGuard said.
By now, the discovery of open AWS S3 buckets is a common refrain, but the GoDaddy exposure stands out. “What's unusual about this incident is that in addition to the usual leak of names, emails, and credit card information intellectual property was also exposed and it was at the hand of an AWS employee,” said Rich Campagna, CMO at Bitglass. “Any data breach can cost an organization in more ways than one, but the loss of IP can be detrimental.”
To avoid these incidents, Campagna said, “organizations need to equip themselves with systems that provide visibility over the cloud along with alerts for high-risk configurations.”
