Amazon AWS S3 Error Exposes GoDaddy Configuration Data

A recently discovered Amazon Web Services (AWS) Simple Storage Service (S3) bucket error exposed GoDaddy configuration information from the company's servers, Australian cyber risk management firm UpGuard reported.

On June 19, UpGuard identified a GoDaddy AWS S3 bucket that exposed configuration information for thousands of systems and AWS discounts "offered under different scenarios," the company stated. It notified GoDaddy about the exposed AWS S3 bucket on June 20, and GoDaddy verified the issue was resolved on July 26.

The GoDaddy AWS S3 bucket was created "by an AWS salesperson," according to a prepared statement. Its contents mapped an AWS cloud infrastructure deployment, with 41 different columns on individual systems.

GoDaddy is "the world's largest domain name registrar," the company indicated. It has 17.5 million customers and supports 76 million domain names worldwide.

Are AWS Data Leaks on the Rise?

GoDaddy is one of several globally recognized brands to suffer a data leak due to a misconfigured Amazon server. Other notable companies that recently experienced AWS data leaks include:

  • FedEx: More than 119,000 scanned documents of U.S. and international citizens were publicly available via an unsecured FedEx AWS S3 cloud server.
  • Time Warner Cable: An AWS cloud leak exposed more than 4 million Time Warner Cable customer records.
  • WWE: World Wrestling Entertainment (WWE) exposed the personal information of more than 3 million users due to an AWS database leak.

AWS data leaks may result in revenue losses, too.

For example, DXC Technology, a Top 100 MSSP for 2017, last year uploaded its private AWS keys to an unsecured GitHub repository. These keys ultimately were used to deploy 244 AWS virtual machines (VMs) over the course of four days, and DXC paid approximately $64,000 to address the issue.

How Can Organizations Avoid AWS Data Leaks?

There is no one-size-fits-all solution to prevent AWS data leaks. Instead, an organization must understand the importance of securing data in AWS cloud environments, develop information security processes and protocols and teach its employees how to properly secure critical data.

In addition, MSSPs can help organizations secure data both on-premises and in the cloud. MSSPs also can provide security tips and recommendations to help organizations protect their sensitive information against cyberattacks.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.