The story of an AWS account that was hacked and hit with a 5 million yen bill in a single day

Jonny Platt, founder of the search engine optimization (SEO) service seoscout, has published an account of how his AWS account was suddenly hacked and he was billed $45,000 for cryptocurrency mining.

Jonny Platt (@jonnyplatt) / Twitter

Platt noticed the incident when his credit card company warned him of a $45,000 charge. Startled by the bill, he contacted AWS through a support ticket and, unable to sleep, posted a thread about the experience on Twitter 23 hours after discovering the incident.

The $45,000 bill arose because the attackers ran mining software on AWS Lambda every 3 minutes, for up to 15 minutes at a time, in every AWS region around the world.
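The pattern described here (maximum 15-minute timeout, invoked every few minutes, replicated across regions) is something a defender can screen an account inventory for. The following is an added example, not code from the original post or from AWS; the inventory is constructed sample data in the shape of the fields a defender would gather per region from the Lambda function list and the EventBridge rule that schedules each function.

```python
import re
from collections import defaultdict

MAX_LAMBDA_TIMEOUT_S = 900      # Lambda's 15-minute ceiling, as used in the incident
FREQUENT_RATE_MINUTES = 5       # rate(N minutes) with N <= 5 counts as "frequent"
MIN_REGIONS = 3                 # the same function in >= 3 regions looks like a spray

# Constructed sample inventory (hypothetical, not data from the hacked account).
INVENTORY = [
    {"region": "us-east-1",      "name": "sync-job",       "timeout": 900, "schedule": "rate(3 minutes)"},
    {"region": "eu-west-1",      "name": "sync-job",       "timeout": 900, "schedule": "rate(3 minutes)"},
    {"region": "ap-northeast-1", "name": "sync-job",       "timeout": 900, "schedule": "rate(3 minutes)"},
    {"region": "sa-east-1",      "name": "sync-job",       "timeout": 900, "schedule": "rate(3 minutes)"},
    {"region": "us-east-1",      "name": "img-resize",     "timeout": 30,  "schedule": None},
    {"region": "us-east-1",      "name": "nightly-report", "timeout": 900, "schedule": "rate(1 day)"},
]

def schedule_minutes(expr):
    """Period of an EventBridge rate() expression in minutes; None for no schedule or cron()."""
    m = re.fullmatch(r"rate\((\d+) (minute|minutes|hour|hours|day|days)\)", expr or "")
    if not m:
        return None
    n, unit = int(m.group(1)), m.group(2).rstrip("s")
    return n * {"minute": 1, "hour": 60, "day": 1440}[unit]

def flag_mining_pattern(inventory):
    """Return {function name: [matched indicators]} for functions that match all three
    indicators of the incident's pattern. Requiring all three keeps the noise down:
    a long-running nightly job or a single frequent function is not reported."""
    by_name = defaultdict(list)
    for fn in inventory:
        by_name[fn["name"]].append(fn)
    findings = {}
    for name, fns in by_name.items():
        reasons = []
        if all(f["timeout"] >= MAX_LAMBDA_TIMEOUT_S for f in fns):
            reasons.append("max 15-minute timeout")
        periods = [schedule_minutes(f["schedule"]) for f in fns]
        if all(p is not None and p <= FREQUENT_RATE_MINUTES for p in periods):
            reasons.append("scheduled every <= %d minutes" % FREQUENT_RATE_MINUTES)
        regions = {f["region"] for f in fns}
        if len(regions) >= MIN_REGIONS:
            reasons.append("deployed in %d regions" % len(regions))
        if len(reasons) == 3:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for name, why in flag_mining_pattern(INVENTORY).items():
        print(name, "->", "; ".join(why))
```

A cost alert (such as the Cost Anomaly Detection setting mentioned below) fires after the money is spent; an inventory check like this one can be run as a scheduled job so that the deployment itself is noticed.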

According to Platt's follow-up investigation of the traces that remained, the attacker earned only 6 XMR (about 127,000 yen) from Platt's AWS account.

Regarding the case, Platt asked: 'Is it impossible to send a warning email when the monthly usage fee increases 1,500-fold? Is it impossible not to charge the credit card? Is it impossible to respond within 23 hours when contacted? Is it too much to expect the world's largest tech companies to make more effort to protect their customers from fraud?'

AWS provides a setting called 'Cost Anomaly Detection', and Platt urges: 'If you are hosting on AWS, please set up cost anomaly detection.'

Amazon eventually contacted Platt 27 hours after his report, but it appears that AWS's internal process requires at least 24 hours of monitoring before the billed amount can be reviewed.

Posted in Note by darkhorse_log