Due to security loop in Amazon cloud-based platform, AWS (Amazon Web Service) has exclusively leaked the information of around 31,000 GoDaddy servers. GoDaddy which is the world’s leading web host service provider with over 18 million happy customers recently face the issues related to data leakage. Apart from GoDaddy, social media giant Facebook also faced the same issue of data leakage this year.
In June, a member of Australian based cybersecurity firm Upguard’s risk analyst Chris Vickery discovered files in an unsecured and unblocked S3 bucket of AWS containing detailed pieces of information of the GoDaddy servers. S3 bucket is a cloud-based storage service which is offered by Amazon Web Service (AWS).
A brief look into the database “abbottgodaddy” by Chris Vickery helps him reveal multiple versions of data from about 31,000 GoDaddy systems. As per the report of Upguard, the information describes their architecture and strict level configuration pieces of information from thousands of their servers. It also includes servers information like the regions it is deployed and about the discount the company needs to offer on various packages offered.
The leaked details from the servers include the details of operating systems, ASW regions, memory, workloads, CPU specifications and configuration files for hostnames. As said by the team of Upguard, this leakage could give detailed information about GoDaddy’s business and other competitors to inject the malware into the system.
The data found through leakage are mapped with large scaled AWS servers. After this discovery, Upguard has given notification to GoDaddy but the team till now hasn’t secured their pieces of information for over five weeks. While checking for the status of the information given to GoDaddy team through a report, Vickery was told that it’s typical for there to be a delay following security reports such as this one.
No doubt S3 bucket of Amazon Web Service is secure and set to private by default but by altering the permission it can be accessible by other users. There are some cases where AWS customers are blamed for the leakage of sensitive data through S3 bucket but in the present scenario Amazon itself is considered to be the reason for this blunder.
The AWS spokesperson told Engadget that while working with the customer the salesperson of AWS has created the bucket to store AWS pricing details. Further, it is revealed that no customer information of GoDaddy was present in that bucket that was exposed. It’s the AWS salesperson who needs to follow the AWS best practice but he has not followed while creating this S3 bucket. By default, the bucket is locked and can only be accessed by the owner and the administrator under root privilege.
Vickery mentioned that the public needs to have knowledge of these types of issues related to data leakage. He also said that the contract between two parties should also have look on the measures that need to be taken at the time of data exposure.