391 points kinj28 | 1 comments | 21 Oct 25 15:55 UTC | HN request time: 0.237s | source

Could there be any link between the two events?

Here is what happened:

Some 600 instances were spawned within 3 hours before AWS flagged it off and sent us a health event. There were numerous domains verified and we could see SES quota increase request was made.

We are still investigating the vulnerability at our end. our initial suspect list has 2 suspects. api key or console access where MFA wasn’t enabled.

1. jmward01 ◴[22 Oct 25 05:08 UTC] No.45665081[source]▶

>>45657345 (OP) #

If I were an attacker I would choose when to attack and a major disruption happening leaving your logging is in chaos seems like it could be a good time. Is it possible you had been compromised for a while and they took that moment to take advantage of it? Or, similarly, they took that moment to use your resources for a different attack that was spurred by the outage?

↑

Ask HN: Our AWS account got compromised after their outage