Security Market Segment LS
Monday, 13 August 2018 09:22

GoDaddy data found exposed in unsecured Amazon S3 bucket


A salesperson from Amazon Web Service created a publicly accessible S3 bucket containing information about high-level configuration details for systems belonging to GoDaddy, the world's biggest Web host by market share in 2018.

The pricing options for running these systems in Amazon AWS, including discounts that would be offered, was also contained in this bucket.

The security firm UpGuard discovered the information on 19 June, and informed GoDaddy after ascertaining the nature of the information. The following day, UpGuard says it began the process of contacting GoDaddy. Six days later, GoDaddy responded by email and UpGuard was able to confirm that the bucket had been secured.

In a blog post, UpGuard said: "The exposed configuration information included fields for hostname, operating system, 'workload' (what the system was used for), AWS region, memory and CPU specs, and more.

"Essentially, this data mapped a very large scale AWS cloud infrastructure deployment, with 41 different columns on individual systems, as well as summarised and modelled data on totals, averages, and other calculated fields.

"Also included were what appear to be GoDaddy’s discounts from Amazon AWS, usually restricted information for both parties, who must negotiate for rates– as do GoDaddy’s competitors."

There was no indication that anyone had gained access to the data before UpGuard found the cache online.

UpGuard said the fact that GoDaddy hosted nearly a fifth of the Internet, the data assumed much more importance than if it had been a smaller player.

"Amazon AWS is the leader in its space, claiming approximately 40% of the market for infrastructure as a service. Although the exposed information by itself could not facilitate a planned attack on their systems, such an attack could potentially disrupt global Internet traffic," it said.

In the past, UpGuard has found data from more than 100 manufacturing companies exposed on a publicly accessible server belonging to Level One Robotics, an insurance firm exposed in an unsecured NAS device. It has also found misconfigured Amazon Web Services S3 buckets leaking data from Paris-based brand marketing company Octoly, California data analytics firm Alteryx, credit repair service National Credit Federation, the NSA, the Pentagon, global corporate consulting and management firm Accenture, publisher Dow Jones, a Chicago voter database, a North Carolina security firm, a contractor for the US National Republican Committee, and data relating to a number of subsidiaries of Blue Chair, a holding company in Kansas City.

But late in February, UpGuard had to rework a report on what it claimed was a cloud-based data storage repository, that was used by business analytics software provider Birst and left unsecured.

It said as a result, data about financial services firm Capital One had been exposed.

But Capital One contested these claims, as did Birst. UpGuard then took down its original post, while it discussed the matter with Capital One. An updated version of its post was issued in March.

In an unsolicited reaction, an AWS spokesperson said: "The bucket in question was created by an AWS salesperson to store prospective AWS pricing scenarios while working with a customer. No GoDaddy customer information was in the bucket that was exposed.

"While Amazon S3 is secure by default and bucket access is locked down to just the account owner and root administrator under default configurations, the salesperson did not follow AWS best practices with this particular bucket."


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments