AWS customers were hit by a major cyberattack, with stolen credentials then stored in plain sight


  • Researchers find vulnerabilities in public sites that expose sensitive information
  • They later discovered a campaign that took advantage of the flaws to exfiltrate data from “millions of websites.”
  • The crooks sold the data on the dark web for ‘hundreds of euros’

Misconfigured cloud instances have once again been exploited to steal sensitive information such as credentials, API keys and more.

This time the victims were countless Amazon Web Services (AWS) customers who don’t seem to understand the shared responsibility model of cloud infrastructure.