←back to thread

Ask HN: Our AWS account got compromised after their outage

391 points kinj28 | 1 comments | 21 Oct 25 15:55 UTC | HN request time: 0.209s | source

Could there be any link between the two events?

Here is what happened:

Some 600 instances were spawned within 3 hours before AWS flagged it off and sent us a health event. There were numerous domains verified and we could see SES quota increase request was made.

We are still investigating the vulnerability at our end. our initial suspect list has 2 suspects. api key or console access where MFA wasn’t enabled.

Show context
WesleyJohnson ◴[22 Oct 25 17:24 UTC] No.45672307[source]
Our Alexa had a random person "drop in" yesterday. We could hear a child talking on the other end, but no idea who it was. It may just be a coincidence, but it's never happened before so it's easy to imagine it might be related to the AWS issues.
replies(1): >>45673389 #
1. mrktf ◴[22 Oct 25 18:42 UTC] No.45673389[source]
More on technical side I'm interesting what is plausible explanation for this type "glitches"?: it inconsistent backend router state between processing nodes, processing application restart and screw up in shared memory segment (i can imagine to decrease load times - use "persistent" shared memory block for outstanding data), or just plain hash table collision and lack of empty slots (i mean: https://en.wikipedia.org/wiki/Hash_collision).