August 13, 2018 at
GoDaddy has recently unintentionally joined the trend and hopped on the train of companies who have been having their confidential data leaked. However, this time it was not the result of a malicious attack, but rather an unsecured Amazon S3 bucket.
Unlike some of the other companies who have either fallen victim to cyber attacks or had their confidential data leaked due to security vulnerabilities, GoDaddy is no small business. With over eighteen million customers, GoDaddy claims to be the top Internet domain registrar in the industry.
It has been said that GoDaddy hosts up to a fifth of the entire Internet. This means that if the data unveiled on these compromised servers were to be used to expedite a malicious attack, the potential effects could be on a major global scale.
How did this happen?
This unfortunate event has been identified as being the result of one of GoDaddy’s many S3 buckets being insecure. Their S3 buckets are provided by Amazon Web Services (AWS) and are normally sufficiently secure.
However, during the storage of data in this particular bucket, an AWS salesperson did not entirely follow the proper procedures to ensure maximum security. This resulted in the creation of the insecure S3 bucket, putting 31,000 of GoDaddy’s servers’ data at risk.
Data at Risk
The data which became vulnerable due to this bucket included vital information that could have exposed GoDaddy’s trade secrets and greatly benefited their competitors. It even had the potential to let another company take GoDaddy’s spot as the leader in the industry.
There was a wide variety of sensitive data in this bucket. This includes the specific hardware and software configurations GoDaddy uses for certain processes, tens of thousands of unique hostnames and data associated with those hostnames for organization purposes, etc.
It also contained pricing information for different products and services that GoDaddy consumes. These would not normally be known by the public, as it addresses discounts, among other things, that helps set GoDaddy apart from their competitors.
The reason the release of all this data is so serious boils down to two main ideas. The first, and more dangerous, is that all of that specification data could tell anyone with access to it what parts of GoDaddy’s servers do what, and which are more important.
This is hazardous because it would allow a cyber attacker to be more efficient in compromising GoDaddy as a whole, as they wouldn’t bother wasting their time on the parts deemed useless to hack.
The second main reason this could have been detrimental to GoDaddy is that it could have given away information to competitors that they would have otherwise never known. This would allow the other companies to have leverage over companies that give GoDaddy discounts during negotiations. Also, it would help competitors understand what makes GoDaddy so efficient and what, specifically, helped them climb to the top of the domain registry industry.
Curiously, GoDaddy has announced that all of the data leaked in this debacle was speculative, and did not necessarily accurately reflect their current practices and information.
Nonetheless, it is still worrying that something as major as a data leak of this caliber can occur as a result of a simple mistake, with no malice intended. This was not the first time we have seen something like this in the past few years, and as long as humans still make human errors, events like this will continue to occur unless we introduce a fail-safe system to ensure maintained security.