#Security intervention : #GoDaddy AWS infrastructure exposed, then patched

The GoDaddy infrastructure of its Amazon AWS systems was exposed; the security issue was reported and fixed very recently.

According to security firm UpGuard Cyber Risk Team, the discovery involved data exposure of documents appearing to describe the GoDaddy infrastructure running in the Amazon AWS cloud.

The UpGuard Cyber Risk Team reported and secured the security exposure.

The GoDaddy documents were left exposed in a publicly accessible Amazon S3 bucket which, according to a statement from Amazon, “was created by an AWS salesperson.”

Amazon stated about the security exposure of AWS data:

“No GoDaddy customer information was in the bucket that was exposed. While Amazon S3 is secure by default, and bucket access is locked down to just the account owner and root administrator under default configurations, the salesperson did not follow AWS best practices with this particular bucket.”

By default, the Amazon S3 storage buckets are private, and only designated users can access them.

Due to either misunderstanding or misconfiguration, these permissions were altered to allow public access, and anyone who visited the URL of the storage bucket could view all content that isn’t locked down, without a password.

For more information on the GoDaddy AWS incident, with additional technical details, visit UpGuard.com.

Story kudos: A. Mitchell.

Copyright © 2024 DomainGang.com · All Rights Reserved.