391 points kinj28 | 1 comments | 21 Oct 25 15:55 UTC | HN request time: 0s | source

Could there be any link between the two events?

Here is what happened:

Some 600 instances were spawned within 3 hours before AWS flagged it off and sent us a health event. There were numerous domains verified and we could see SES quota increase request was made.

We are still investigating the vulnerability at our end. our initial suspect list has 2 suspects. api key or console access where MFA wasn’t enabled.

Show context

sousastep ◴[21 Oct 25 16:44 UTC] No.45657982[source]▶

>>45657345 (OP) #

couple folks on reddit said while they were refreshing during the outage, they were briefly logged in as a whole different user

replies(6): >>45658079 #>>45658884 #>>45659047 #>>45659106 #>>45659578 #>>45665172 #

CaptainOfCoit ◴[21 Oct 25 17:49 UTC] No.45659047[source]▶

>>45657982 #

> couple folks on reddit said while they were refreshing during the outage, they were briefly logged in as a whole different user

Didn't ChatGPT have a similar issue recently? Would sound awfully similar.

replies(1): >>45660022 #

sunaookami ◴[21 Oct 25 18:55 UTC] No.45660022[source]▶

>>45659047 #

Steam also had this, classic caching issue.

replies(1): >>45661165 #

mbo ◴[21 Oct 25 20:20 UTC] No.45661165[source]▶

>>45660022 #

This happened to me on Twitter maybe like, 9 years ago? What's the mechanism of action that causes this to happen?

replies(1): >>45662696 #

1. howinator ◴[21 Oct 25 22:47 UTC] No.45662696[source]▶

>>45661165 #

The easiest way to do this is to misconfigure your CDN so that it caches set-cookie headers.

↑

Ask HN: Our AWS account got compromised after their outage