The pricing options for running these systems in Amazon AWS, including discounts that would be offered, was also contained in this bucket.
The security firm UpGuard discovered the information on 19 June, and informed GoDaddy after ascertaining the nature of the information. The following day, UpGuard says it began the process of contacting GoDaddy. Six days later, GoDaddy responded by email and UpGuard was able to confirm that the bucket had been secured.
In a blog post, UpGuard said: "The exposed configuration information included fields for hostname, operating system, 'workload' (what the system was used for), AWS region, memory and CPU specs, and more.
"Also included were what appear to be GoDaddy’s discounts from Amazon AWS, usually restricted information for both parties, who must negotiate for rates– as do GoDaddy’s competitors."
There was no indication that anyone had gained access to the data before UpGuard found the cache online.
UpGuard said the fact that GoDaddy hosted nearly a fifth of the Internet, the data assumed much more importance than if it had been a smaller player.
"Amazon AWS is the leader in its space, claiming approximately 40% of the market for infrastructure as a service. Although the exposed information by itself could not facilitate a planned attack on their systems, such an attack could potentially disrupt global Internet traffic," it said.
In the past, UpGuard has found data from more than 100 manufacturing companies exposed on a publicly accessible server belonging to Level One Robotics, an insurance firm exposed in an unsecured NAS device. It has also found misconfigured Amazon Web Services S3 buckets leaking data from Paris-based brand marketing company Octoly, California data analytics firm Alteryx, credit repair service National Credit Federation, the NSA, the Pentagon, global corporate consulting and management firm Accenture, publisher Dow Jones, a Chicago voter database, a North Carolina security firm, a contractor for the US National Republican Committee, and data relating to a number of subsidiaries of Blue Chair, a holding company in Kansas City.
But late in February, UpGuard had to rework a report on what it claimed was a cloud-based data storage repository, that was used by business analytics software provider Birst and left unsecured.
It said as a result, data about financial services firm Capital One had been exposed.
But Capital One contested these claims, as did Birst. UpGuard then took down its original post, while it discussed the matter with Capital One. An updated version of its post was issued in March.
In an unsolicited reaction, an AWS spokesperson said: "The bucket in question was created by an AWS salesperson to store prospective AWS pricing scenarios while working with a customer. No GoDaddy customer information was in the bucket that was exposed.
"While Amazon S3 is secure by default and bucket access is locked down to just the account owner and root administrator under default configurations, the salesperson did not follow AWS best practices with this particular bucket."