GoDaddy servers exposed online Sensitive data on 31,000 !

GoDaddy servers exposed online Sensitive data on 31,000 !

GoDaddy is the latest victim of cybercriminals and has joined the league of companies that got confidential data leaked due to unsecure Amazon S3 buckets. The world’s leading domain name registering platform, GoDaddy, boasts of more than 18m customers, which makes cyber-attack on this organization a high-profile feat.

Godaddy is the world’s leading domain registrar with over 18 million customers with over 76M domain names. Upguard noticed the publically readable Amazon S3 bucket contains several spreadsheet files that contain data about Data Legend, GDDY Machine Raw Data, Summary, Compute, Storage, Instance Mapping, Spot and Price List.

According to latest discovery of cybersecurity firm UpGuard’s risk analyst Chris Vickery, files containing exclusive information about GoDaddy were publicly accessible thanks to an unsecure S3 bucket. There were multiple versions of files stored on the Amazon S3 bucket for more than 31,000 GoDaddy systems. The database was titled “abbottgodaddy.”

Amazon Web Services is a cloud storage service that has often criticized for being the sole cause of a large number of data leaks that have occurred in present times. In the latest data leak, it is believed that an error in the S3 bucket has caused the leaking of internal data of GoDaddy.

It is worth noting that the data exposed in the security breach included architectural details about GoDaddy. It also included “high-level configuration information” of countless systems and pricing facilities for operating those systems in the S3 bucket is also included. This includes the discounts offered to customers in various scenarios. Furthermore, the database also includes hostnames configuration files, workloads, CPU specifications, operating systems, AWS regions, memory and other details about GoDaddy’s systems.

The consequences of this leak could have been detrimental for GoDaddy if the database had been detected by cybercriminals. They could have easily sold the data to competitors of GoDaddy leading to severe commercial implications on the company’s business.

Interestingly, AWS maintains that none of the information contained in the unprotected S3 bucket belonged to GoDaddy. GoDaddy, conversely, stated that the files contained in the database were merely “speculative models” and were not associated with the recent activities between Amazon and GoDaddy. The database was identified by Vickery on June 19 and GoDaddy only responded to the notification on July 26. The S3 bucket has now been sealed off by the company.