←back to thread

Ask HN: Our AWS account got compromised after their outage

391 points kinj28 | 1 comments | 21 Oct 25 15:55 UTC | HN request time: 0.266s | source

Could there be any link between the two events?

Here is what happened:

Some 600 instances were spawned within 3 hours before AWS flagged it off and sent us a health event. There were numerous domains verified and we could see SES quota increase request was made.

We are still investigating the vulnerability at our end. our initial suspect list has 2 suspects. api key or console access where MFA wasn’t enabled.

Show context
defraudbah ◴[22 Oct 25 07:31 UTC] No.45665892[source]
weird, can you send me your API key so I can verify it's not in the list of compromised credentials?
replies(1): >>45666501 #
darkamaul ◴[22 Oct 25 09:04 UTC] No.45666501[source]
I know this is just a playful joke, but I wanted to gently flag something important. Even in humor, we should never casually discuss sharing API keys or credentials.

You never know when or if someone might misinterpret a message like this.

replies(3): >>45666803 #>>45667451 #>>45668155 #
bigDinosaur ◴[22 Oct 25 11:21 UTC] No.45667451[source]
It's not our responsibility to avoid jokes because some people are awful at their jobs and/or idiots. How on earth would people who would send an API key in response to a joke fare against a genuinely malicious social engineering attempt...?
replies(4): >>45667805 #>>45669204 #>>45671180 #>>45684918 #
nashashmi ◴[22 Oct 25 12:05 UTC] No.45667805[source]
It is not my job so stuff like this is helpful to know.
replies(1): >>45669226 #
1. defraudbah ◴[22 Oct 25 13:55 UTC] No.45669226[source]
no worries my friend, it's all good, we have a team of professionals to run security checks on your AWS keys.

Since many businesses were affected by an awful, irresponsible AWS incident, we understand it might be challenging times for software business, which is why our team runs free security checks for all tokens we receive, limited offer, only today, send us your credentials and get your report in less than 24 hours.

we already received more than 100 API keys from people with a referral from hackernews, there are only 50 seats left