A recently discovered Amazon Web Services (AWS) Simple Storage Service (S3) bucket error exposed GoDaddy configuration information from the company's servers, Australian cyber risk management firm UpGuard reported.
UpGuard identified a GoDaddy AWS S3 bucket that exposed configuration information for thousands of systems and AWS discounts "offered under different scenarios" on June 19, the company stated. It notified GoDaddy about the exposed AWS S3 bucket on June 20, and GoDaddy verified the issue was resolved on July 26.
The GoDaddy AWS S3 bucket was created "by an AWS salesperson," according to a prepared statement. It mapped an AWS cloud infrastructure deployment consisting of 41 different columns on individual systems.
GoDaddy is "the world's largest domain name registrar," the company indicated. It has 17.5 million customers and supports 76 million domain names worldwide.
Are AWS Data Leaks on the Rise?
GoDaddy is one of several globally recognized brands to suffer a data leak due to a misconfigured Amazon server. Other notable companies that recently experienced AWS data leaks include:
- FedEx: More than 119,000 scanned documents of U.S. and international citizens were publicly available via an unsecured FedEx AWS S3 cloud server.
- Time Warner Cable: An AWS cloud leak exposed more than 4 million Time Warner Cable customer records.
- WWE: World Wrestling Entertainment (WWE) exposed the personal information of more than 3 million users due to an AWS database leak.
AWS data leaks may result in revenue losses, too.
For example, DXC Technology, a Top 100 MSSP for 2017, last year uploaded its private AWS keys to an unsecured GitHub repository. These keys ultimately were used to deploy 244 AWS virtual machines (VMs) over the course of four days, and DXC paid approximately $64,000 to address the issue.
How Can Organizations Avoid AWS Data Leaks?
There is no one-size-fits-all solution to prevent AWS data leaks. Instead, an organization must understand the importance of securing data in AWS cloud environments, develop information security processes and protocols and teach its employees how to properly secure critical data.
In addition, MSSPs can help organizations secure data both on-premises and in the cloud. MSSPs also can provide security tips and recommendations to help organizations protect their sensitive information against cyberattacks.
