A prolific credit-card theft ring is scanning for unsecured "buckets" in Amazon's cloud and has compromised 17,000 domains (so far)

Originally published at: https://boingboing.net/2019/07/11/mah-bucket.html


This is what you get when you advertise for a job that needs five years experience in something that’s only been around for three. (Or when a company insists on providing a fixed-price quote for something they haven’t done before.)


Man, you do have to work to make your S3 buckets public. This is why you NEVER let programmers set up your servers.


Was coming here to say the same thing. 17k buckets represents a lot of effort to deliberately roll out the welcome mat to thieves.


I expect some coder did it because it was easier and couldn’t get something to work. I dealt with a web server on AWS one of my developers set up and he turned indexing on for the entire server. Oh and then proceeded to keep all the code in github and the .git repository folder was in the root of the web server … oh god the sheer number of stupid config mistakes on his server was staggering.

I had to nope the hell out of that server.

AWS makes it real easy for people that have no business setting up a server to set up a server and then proceed to not do any care and feeding of said server.


I will never EVER use “The Cloud.”


Typical cloud users:

Came for the lolrus/bukkit meme. Left disappointed.

When did you last check your AWS S3 security? Here’s four scary words: 17k Magecart infections

1 Like

This topic was automatically closed after 5 days. New replies are no longer allowed.