391 points kinj28 | 1 comments | 21 Oct 25 15:55 UTC | HN request time: 0.226s | source

Could there be any link between the two events?

Here is what happened:

Some 600 instances were spawned within 3 hours before AWS flagged it off and sent us a health event. There were numerous domains verified and we could see SES quota increase request was made.

We are still investigating the vulnerability at our end. our initial suspect list has 2 suspects. api key or console access where MFA wasn’t enabled.

1. Traubenfuchs ◴[22 Oct 25 11:26 UTC] No.45667480[source]▶

>>45657345 (OP) #

It makes me very uncomfortable to know I got my CC in GCP, AWS and oracle cloud and that I have access to 3 corporate AWS accounts with bills on the level of 10's of millions per month.

Why don't cloud providers offer IP restrictions?

I can only access GitHub from my corporate account if I am in the VPN and it should be like that for every of those services with the capability to destroy lives.

↑

Ask HN: Our AWS account got compromised after their outage