The UpGuard Cyber Risk Team has discovered and secured a data exposure of documents appearing to describe GoDaddy infrastructure running in the Amazon AWS cloud, preventing any future exploitation of this information. The documents were left exposed in a publicly accessible Amazon S3 bucket which, according to a statement from Amazon, “was created by an AWS salesperson.” GoDaddy is “the world’s largest domain name registrar,” one of the largest SSL certificate providers, and as of 2018, the largest web host by market share. The exposed documents include high-level configuration information for tens of thousands of systems and pricing options for running those systems in Amazon AWS, including the discounts offered under different scenarios.
The exposed configuration information included fields for hostname, operating system, “workload” (what the system was used for), AWS region, memory and CPU specs, and more. Essentially, this data mapped a very large-scale AWS cloud infrastructure deployment, with 41 different columns on individual systems, as well as summarized and modeled data on totals, averages, and other calculated fields. Also included were what appear to be GoDaddy’s discounts from Amazon AWS, information that is usually restricted for both parties, who must negotiate for rates, as do GoDaddy’s competitors.
With 17.5M customers and 76M domain names, GoDaddy is a critical part of internet infrastructure, and its cloud utilization operates at one of the largest scales in existence. At the time of discovery, GoDaddy’s CSTAR risk score was 752 out of 950, while Amazon scored a 793. The UpGuard Cyber Risk Team was able to notify GoDaddy, who got the exposure closed, preventing any potential future malicious use of the exposed data.