←back to thread

391 points kinj28 | 1 comments | | HN request time: 0s | source

Could there be any link between the two events?

Here is what happened:

Some 600 instances were spawned within 3 hours before AWS flagged it off and sent us a health event. There were numerous domains verified and we could see SES quota increase request was made.

We are still investigating the vulnerability at our end. our initial suspect list has 2 suspects. api key or console access where MFA wasn’t enabled.

Show context
defraudbah ◴[] No.45665892[source]
weird, can you send me your API key so I can verify it's not in the list of compromised credentials?
replies(1): >>45666501 #
darkamaul ◴[] No.45666501[source]
I know this is just a playful joke, but I wanted to gently flag something important. Even in humor, we should never casually discuss sharing API keys or credentials.

You never know when or if someone might misinterpret a message like this.

replies(3): >>45666803 #>>45667451 #>>45668155 #
jy14898 ◴[] No.45668155[source]
I'm interpretting your message as you asking me to share my API keys
replies(1): >>45671378 #
1. jeffrallen ◴[] No.45671378[source]
You are absolutely right!