The story of an AWS account that was hacked and suddenly received a 5 million yen bill
Jonny Platt, founder of the search engine optimization (SEO) service seoscout, has revealed that his AWS account was hacked and that he was charged $45,000 for crypto-asset mining.
Jonny Platt (@jonnyplatt) / Twitter
https://twitter.com/jonnyplatt
Platt noticed the incident when his credit card company warned him about a $45,000 charge. Alarmed by the bill, he contacted AWS through a support ticket, and 23 hours after discovering the incident, still without a reply and unable to sleep, he began posting his experience in a series of tweets.
Excited to announce I just received my Christmas present from @awscloud !
Horrified to see it's $45,000 in charges due to some scammer hacking my account + mining Crypto for the last few weeks
⏰ Had no sleep last night. It's now 23 hrs since my support ticket & no reply.
— Jonny Platt (@jonnyplatt) December 14, 2021
Platt received the $45,000 bill because the attacker ran mining software on AWS Lambda every 3 minutes, for the maximum 15 minutes each run, in every AWS region around the world.
How did the scammer run up such a huge bill, so quickly?
This was not a sophisticated scam. Just a bash script on Lambda that downloads and runs a miner.
Every 3 minutes, for the max 15 mins each time.
In every AWS region on the globe. pic.twitter.com/g4zfT5Bz0T
— Jonny Platt (@jonnyplatt) December 14, 2021
According to Platt's follow-up investigation of the information left behind, the attacker earned only about 6 XMR (roughly 127,000 yen) from Platt's AWS account.
So right now I'm footing the bill for $45k of server time, and some crypto scammer is rolling in the cash in the Bahamas, right?
Nope! The scammer's key is public. You can look it up on the mining site.
For my $45k they made roughly 6 XMR (Monero)
That's $800.
What a waste.
— Jonny Platt (@jonnyplatt) December 14, 2021
Regarding the case, Platt asks: 'Is it unreasonable to expect a warning e-mail when the monthly bill grows 1,500 times? Is it unreasonable to expect a response in under 23 hours after an outrageous credit card charge? Is it unreasonable to expect the world's largest tech company to do more to protect its customers from fraud?'
But:
- Is it unreasonable to expect an email when monthly costs escalate by 150,000%?
- Or to expect less than 23 hrs response time after an insane credit card bill?
- Or to expect the biggest tech company in the world to do more to protect their customers from fraud?
— Jonny Platt (@jonnyplatt) December 14, 2021
AWS offers a setting called 'cost anomaly detection' among its security settings, and Platt urges: 'If you are hosting on AWS, set up cost anomaly detection.'
If you host with AWS, I urge you to check your security settings, and set up cost anomaly detection: https://t.co/iHgJntFGz7
If you don't? Then I urge you to consider if AWS is right for you, your scale and resources, however tempting their credits may be.
— Jonny Platt (@jonnyplatt) December 14, 2021
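As an added example, not code from the article or from Platt, here is a boto3 script that enables the cost anomaly detection recommended above: a per-service spend monitor plus a daily e-mail subscription, so a Lambda bill exploding across every region is reported instead of discovered on the credit card statement. The alert address, the monitor and subscription names, the $100 absolute-impact threshold and the offline stand-in client are assumptions.

```python
"""Enable AWS Cost Anomaly Detection via boto3 (added example, not from the article)."""
ALERT_EMAIL = "billing-alerts@example.com"  # placeholder address, not from the article
IMPACT_THRESHOLD_USD = 100.0                 # assumed dollar threshold for an alert

def build_monitor() -> dict:
    """Per-service monitor: Lambda burning money in every region surfaces as one service anomaly."""
    return {"MonitorName": "per-service-spend", "MonitorType": "DIMENSIONAL",
            "MonitorDimension": "SERVICE"}

def build_subscription(monitor_arn: str, email: str = ALERT_EMAIL,
                       threshold_usd: float = IMPACT_THRESHOLD_USD) -> dict:
    """Daily e-mail digest of anomalies whose absolute impact is at least threshold_usd."""
    if threshold_usd <= 0:
        raise ValueError("threshold_usd must be positive")
    return {
        "SubscriptionName": "per-service-anomaly-alerts",
        "MonitorArnList": [monitor_arn],
        "Subscribers": [{"Address": email, "Type": "EMAIL"}],
        "Frequency": "DAILY",  # IMMEDIATE alerts require an SNS subscriber instead of e-mail
        "ThresholdExpression": {"Dimensions": {
            "Key": "ANOMALY_TOTAL_IMPACT_ABSOLUTE",
            "MatchOptions": ["GREATER_THAN_OR_EQUAL"],
            "Values": [f"{threshold_usd:g}"]}},
    }

def enable_cost_anomaly_detection(ce_client) -> str:
    """Create the monitor, then a subscription bound to it; returns the subscription ARN."""
    monitor_arn = ce_client.create_anomaly_monitor(AnomalyMonitor=build_monitor())["MonitorArn"]
    resp = ce_client.create_anomaly_subscription(AnomalySubscription=build_subscription(monitor_arn))
    return resp["SubscriptionArn"]

class FakeCostExplorer:
    """Offline stand-in for boto3.client("ce") so the flow can be exercised without an AWS account."""
    def create_anomaly_monitor(self, AnomalyMonitor):
        return {"MonitorArn": "arn:aws:ce::111111111111:anomalymonitor/" + AnomalyMonitor["MonitorName"]}

    def create_anomaly_subscription(self, AnomalySubscription):
        return {"SubscriptionArn": "arn:aws:ce::111111111111:anomalysubscription/"
                + AnomalySubscription["SubscriptionName"]}

if __name__ == "__main__":
    try:
        import boto3  # Cost Explorer is a global API served from us-east-1
        client = boto3.client("ce", region_name="us-east-1")
    except ImportError:  # no boto3 installed: show the call flow offline instead
        client = FakeCostExplorer()
    print(enable_cost_anomaly_detection(client))
```

Running it against a real account needs credentials with ce:CreateAnomalyMonitor and ce:CreateAnomalySubscription; the e-mail subscriber must confirm the address before digests arrive.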
Amazon contacted Platt 27 hours after his report, but because of AWS's internal processes, the case requires at least another 24 hours of monitoring before the billing amount is reviewed.
Amazon finally called after 27 hrs, no doubt thanks to the attention this got.
The agent was kind, but AWS' processes mean I must wait another 24hrs of 'monitoring' before the case is sent to billing 'for review', which can take days
Knowing I'm not alone really helps, thanks
— Jonny Platt (@jonnyplatt) December 14, 2021
Posted by darkhorse_log in Note