
These were accounts that shouldn't have had console access in the first place, and were never used by humans to log in AFAICT. I don't know exactly what they were originally for, but they were named like "foo-robots" and were very old.

At first I thought maybe some previous dev had set passwords for troubleshooting, saved those passwords in a password manager, and then got owned all these years later. But that's really, really unlikely. And the timing is so curious.



Why keep accounts like this around anyway? Sounds like a breach was just waiting to happen…


A cost center like security? Are you crazy?



