Public Domain: How Configuration Information for the World’s Largest Domain Name Registrar Was Exposed Online

The UpGuard Cyber Risk Team has discovered and secured a data exposure of documents appearing to describe GoDaddy infrastructure running in the Amazon AWS cloud, preventing any future exploitation of this information. The documents were left exposed in a publicly accessible Amazon S3 bucket which, according to a statement from Amazon, “was created by an AWS salesperson.” GoDaddy is “the world’s largest domain name registrar,” one of the largest SSL certificate providers, and as of 2018, the largest web host by market share. The exposed documents include high-level configuration information for tens of thousands of systems and pricing options for running those systems in Amazon AWS, including the discounts offered under different scenarios.

The exposed configuration information included fields for hostname, operating system, “workload” (what the system was used for), AWS region, memory and CPU specs, and more. Essentially, this data mapped a very large scale AWS cloud infrastructure deployment, with 41 different columns on individual systems, as well as summarized and modeled data on totals, averages, and other calculated fields. Also included were what appear to be GoDaddy’s discounts from Amazon AWS, usually restricted information for both parties, who must negotiate for rates– as do GoDaddy’s competitors.

With 17.5M customers, and 76M domain names, GoDaddy is a critical part of internet infrastructure, and their cloud utilization operates at one of the largest scales in existence. At the time of discovery, GoDaddy’s CSTAR risk score was 752 out of 950, while Amazon scored a 793. The UpGuard Cyber Risk Team was able to notify GoDaddy, who got the exposure closed, preventing any potential future malicious use of the exposed data.

Read more at UpGuard

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Leave a Reply

Latest from Cybersecurity

SIGN UP NOW for FREE News & Analysis on topics of your choice across homeland security!

BEYOND POLITICS.  IT'S ABOUT THE MISSION. 

Go to Top
Malcare WordPress Security