The internal information belonging to the hosting provider GoDaddy was released due to an error in Amazon AWS bucket setting.
The cyber security team of UpGuard 's cyber security company said Thursday that a series of documents remained in the published Amazon S3 bucket.
GoDaddy is a provider of domain name registration services and hosting services that serve millions of customers around the world.
Information on security breaches is described in GoDaddy architecture and "Advanced configuration information on tens of thousands of systems and pricing options for running these systems in Amazon AWS, including the proposed reduction in various scenarios" was doing. Up guard
Configuration files such as host name, operating system, workload, AWS area, memory and processor specification are included in the published cache, and at least 24,000 systems are described.
"This data essentially consists of the deployment of AWS cloud infrastructure with 41 different columns on each system and aggregation and modeling of aggregate, average and other computed fields to a very large scale It expanded to.
The open compartment called "abbottgodaddy" contains commercial information related to the relationship between GoDaddy and Amazon AWS including tariff negotiations. This information needs to be kept secret.
The result of such a leak was disastrous for GoDaddy. GoDaddy's activities can be greatly compromised if data dumps are entrusted to actors of the threat against which you want to sell data, or competing services. Ultimately, without a commercial secret or intellectual property, the company is not noticeable.
Information leakage was discovered by UpGuard on June 19. GoDaddy took more than one month to respond and closed the bucket on 26th July.
Security failures seem to have been caused by AWS sales representatives who did not follow The Best practices for storing information.
Update 00.52 BST: AWS statement:
ZDNet's AWS spokesperson said, "The bucket of the issue was created by AWS commercials to work with customers and save AWS pricing scenarios." "GoDaddy's customer information was not published, but Amazon S3 is protected by default, and bucket access is locked only by the account owner and the root administrator with the default settings.A best practice of AWS I did not respect it.
AWS does not say that information from GoDaddy is involved in violations. GoDaddy said the published document is a speculative model and not related to ongoing activities between the hosting provider and Amazon.
"Threats that may exploit this type of data require a malicious intentional actor, but even if you release this data via inappropriately configured storage, Said up guard. "GoDaddy and Amazon, small businesses, people using cloud technology risk unintended damage if operational awareness and processes do not detect and correct configuration errors and correct them.
I hope you like the news AWS Error Revealed GoDaddy Business Secrets. Stay Tuned For More Updates!