AWS S3 error exposes data on 31K GoDaddy servers

Cybersecurity firm UpGuard has discovered an error in Amazon AWS bucket configuration that led to the exposure of internal GoDaddy infrastructure data. 

The exposed information includes 31,000 GoDaddy server configurations (such as memory and CPU), hostnames, operating systems, server workloads and Amazon AWS pricing and usage.

The discovery was especially alarming given GoDaddy is the world’s largest domain name registrar and one of the largest SSL certificate providers, boasting 17.5M customers and 76M domain names. 

UpGuard notified GoDaddy of the discovery on June 20th, 2018, a day after finding the publicly readable Amazon S3 bucket dubbed abbottgodaddy. The research team later confirmed the exposure was mitigated on July 26th, nearly five weeks later. The report was shared exclusively with Engadget

UpGuard described the potential impact: 

“Using the configuration data of the GoDaddy servers as a ‘map’ which would allow malicious actors to select targets based on their role, probable data, size, and region, and using the business data as a competitive advantage for cloud hosting strategy and pricing.”

Organizations should take special care of configuring and locking down permissions to AWS S3.

Two groups in particular should be used with extreme care: “All Users (Everyone)” and “Authenticated Users (All AWS Users).” These groups could allow public anonymous access and anyone with an AWS account access to access a bucket, respectively.