AWS exposed GoDaddy server usage, pricing

By on
AWS exposed GoDaddy server usage, pricing

The world's largest public cloud provider, Amazon Web Services, exposed sensitive information about the world's largest internet domain host, GoDaddy, including detailed server configurations and projections on resource usage, according to a report published on Thursday by Engadget.

That exposed data, if it had been discovered by hackers or business rivals, could have compromised the AWS customer's security or competitive edge.

AWS acknowledged one of its sales agents left unsecured the S3 storage bucket containing spreadsheets chock-full of data. That employee "did not follow AWS best practices with this particular bucket," a spokesperson for the cloud provider said.

But information those documents contained about AWS pricing rates specific to GoDaddy were "speculative," the spokesperson said.

The GoDaddy incident comes one year after a rash of data leaks prompted Amazon to warn its customers to better protect their S3 storage buckets.

Like many of those previous high-profile data leaks, cybersecurity sleuth UpGuard found the unsecured bucket and notified the companies involved.

"The exposed documents include high-level configuration information for tens of thousands of systems and pricing options for running those systems in Amazon AWS, including the discounts offered under different scenarios," UpGuard wrote.

"Essentially, this data mapped a very large scale AWS cloud infrastructure deployment," the report said.

The GoDaddy documents included a list of configuration details of more than 30,000 GoDaddy servers, including information on hostnames, operating systems, CPU and memory resources, and workloads those systems were running.

That information—contained within several revisions of a Microsoft Excel spreadsheet sitting in a bucket called abbottgodaddy—could have given rival web hosting providers a competitive advantage, or even hackers information useful for an attack on the domain registrar, UpGuard noted.

In July of 2017, AWS responded to a string of data exposures by sending reminders to an undisclosed number of customers about S3 buckets in their accounts with no controls barring public access.

At the time, an AWS spokesperson told CRN USA: "With some recent public disclosures by third parties of Amazon S3 bucket contents that customers inadvertently configured to allow public access, we wanted to be proactive about helping customers make sure they don’t have bucket access they didn’t intend."

The email warnings came after reports of data leaks involving Verizon, Dow Jones, WWE, and the Republican National Convention shined a spotlight on a growing problem that was jeopardising the privacy of millions of people.

AWS noted Thursday the exposed bucket with GoDaddy account information contained no information about the domain hosting provider's own customers.

GoDaddy said the documents "do not reflect work currently underway with Amazon."

This article originally appeared at crn.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © 2018 The Channel Company, LLC. All rights reserved.
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

Are enterprise contracts best left to the biggest suppliers?
Yes: With scale comes experience and broad capability
No: An agile operator brings efficiency and new ideas
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?