Researchers at UpGuard recently discovered a data breach affecting GoDaddy, considered the world’s largest domain name registrar and web host by market share to date. The leaked information was found in June on a publicly accessible AWS S3 bucket named “abbottgodaddy” and referenced the company’s infrastructure running in the Amazon AWS cloud. Majority of the exposed documents were multiple versions of the same Excel file containing data used for configuring thousands of systems as well as pricing options for the same, the researchers said. Fields included hostname; operating system; workload; AWS region, memory and CPU specs, among others.
GoDaddy was not the one to blame for the leak. According to an Amazon statement itself, human error appeared to be the cause of the data breach and an unnamed AWS salesperson was responsible for the misconfiguration. Amazon S3 buckets should be private by default, with access restricted to account owner and root administrator. Nevertheless, occasional misconfigurations or misunderstandings by both the customers and providers can compromise the privacy setting of the storage bucket, leading to unintentional exposure of data.
In this particular instance, Amazon reassured no GoDaddy customer information was revealed. However, configuration information can prove to be not only extremely valuable to malicious actors performing reconnaissance to increase the effectiveness of future attacks, but also to business competitors leveraging this kind of data to their own advantage.
Proficio Threat Intelligence Recommendations:
- Regularly check the security posture on your cloud storage, enforcing tools for data loss prevention and promoting security awareness among your employees.
- Consider performing regular audits on your service providers to reduce the risks associated with the digital supply chain.
General Information – Click Here