All thanks to Unsecure AWS S3 Bucket.
GoDaddy is the latest victim of cybercriminals and has joined the league of companies that got confidential data leaked due to unsecure Amazon S3 buckets. The world’s leading domain name registering platform, GoDaddy, boasts of more than 18m customers, which makes cyber-attack on this organization a high-profile feat.
According to latest discovery of cybersecurity firm UpGuard’s risk analyst Chris Vickery, files containing exclusive information about GoDaddy were publicly accessible thanks to an unsecure S3 bucket. There were multiple versions of files stored on the Amazon S3 bucket for more than 31,000 GoDaddy systems. The database was titled “abbottgodaddy.”
Amazon Web Services is a cloud storage service that has often criticized for being the sole cause of a large number of data leaks that have occurred in present times. In the latest data leak, it is believed that an error in the S3 bucket has caused the leaking of internal data of GoDaddy.
It is worth noting that the data exposed in the security breach included architectural details about GoDaddy. It also included “high-level configuration information” of countless systems and pricing facilities for operating those systems in the S3 bucket is also included. This includes the discounts offered to customers in various scenarios. Furthermore, the database also includes hostnames configuration files, workloads, CPU specifications, operating systems, AWS regions, memory and other details about GoDaddy’s systems.
Security experts claim that an AWS salesperson responsible for storing information in the S3 bucket failed in doing that properly. As per an AWS spokesperson:
“While Amazon S3 is secure by default and bucket access is locked down to just the account owner and root administrator under default configurations, the salesperson did not follow AWS best practices with this particular bucket.”
According to UpGuard, the database contains extensive information about the company and is spread on a “large-scale AWS cloud infrastructure deployment” as it includes 42 different columns related to separate systems. Furthermore, it contains modeled and summarized data on totals, averages, and similar other calculation-related fields.
Moreover, confidential business information of GoDaddy is also included in the database such as rate negotiations. This information primarily is related to the business relationship shared by Amazon AWS and GoDaddy. Also included in the database are trade secrets and IP addresses of GoDaddy.
The consequences of this leak could have been detrimental for GoDaddy if the database had been detected by cybercriminals. They could have easily sold the data to competitors of GoDaddy leading to severe commercial implications on the company’s business.
Interestingly, AWS maintains that none of the information contained in the unprotected S3 bucket belonged to GoDaddy. GoDaddy, conversely, stated that the files contained in the database were merely “speculative models” and were not associated with the recent activities between Amazon and GoDaddy. The database was identified by Vickery on June 19 and GoDaddy only responded to the notification on July 26. The S3 bucket has now been sealed off by the company.
Rich Campagna, CMO at Bitglass commented on the issue and told HackRead that “We’ve seen a string of high profile data incidents of this nature over the last year, including Verizon and Dow Jones. These exposures are difficult to stop because they originate from human error, not malice. Just one wrong tick box in the cloud set-up process can put vast amounts of sensitive corporate data at risk. This is why Amazon introduced ‘Macie’: to discover, classify and protect sensitive data in AWS S3.”
“Organisations using IaaS must leverage at least some of the security technologies available to them, either from public cloud providers, IDaaS providers, or CASBs, which provide visibility and control over cloud services like AWS.”
Image credit: Depositphotos