GODADDY has been the victim of another big data leak, this time from the big-enough-to-know-better Amazon Web Services (AWS).
Engadget reports that a new discovery from security analysts UpGuard shows that during June, details of 31,000 GoDaddy systems were left, in multiple versions, in a completely unsecured AWS S3 bucket.
Details included usage stats from GoDaddy, pricing and negotiated discounted rates from Amazon. More worryingly, there's also server config information, CPU specs, hostnames, operating systems and server loads.
It's a bit like finding the plans for the Death Star and someone has written "2m hole to blow up Death Star here" on it. In other words, if someone was in the market for a vulnerability for GoDaddy, they'd likely find one.
"Essentially, this data mapped a very large scale AWS cloud infrastructure deployment," said UpGuard.
GoDaddy was given a chance to plug the leaks, but after five weeks, UpGuard decided to act, as GoDaddy still hadn't locked things down.
But as it turns out, the S3 bucket was, from GoDaddy's point of view, locked properly. This appears to be an AWS cock-up.
From a corporate perspective, this is a great example of the type of thing that would make industrial espionage fans weep with glee. As such, we'd expect that GoDaddy will be asking some quite serious questions of how Amazon hopes to make amends.
"The bucket in question was created by an AWS salesperson to store prospective AWS pricing scenarios while working with a customer," said AWS.
"No GoDaddy customer information was in the bucket that was exposed. While Amazon S3 is secure by default and bucket access is locked down to just the account owner and root administrator under default configurations, the salesperson did not follow AWS best practices with this particular bucket."
The documents are said to be "speculative" rather than definitive, showing possible rather than live data. Nevertheless, UpGuard warns that, as GoDaddy is the biggest internet domain provider in the world, there's enough data here to grind the internet to a halt. And that, whilst a big 'if', is a bit scary.