"Forget stealing data — these hackers broke into Amazon's cloud to mine bitcoin... A report from the security intelligence group RedLock found at least two companies which had their AWS cloud services compromised by hackers who wanted nothing more than to use the computer power to mine the cryptocurrency bitcoin. The hackers ultimately got access to Amazon's cloud servers after discovering that their administration consoles weren't password protected..." http://www.businessinsider.com/hackers-broke-into-amazon-cloud-to-mine-bitcoin-2017-10?r=UK&IR=T
Click-bait article that implies that this is somehow an Amazon issue, when it is just customers with incompetent IT staff.
"...The hackers ultimately got access to Amazon's cloud servers after discovering that their administration consoles weren't password protected."
Unless I am misunderstanding something, which is entirely possible... not looking for an argument, just clarification... that line in the article is proceeded by "...A report from the security intelligence group RedLock found at least two companies which had their AWS cloud services compromised by hackers who wanted nothing more than to use the computer power to mine the cryptocurrency bitcoin..." Which to me says that the customers of Amazon were compromised, not Amazon itself. If I am understanding correctly, the fact that Amazon is hosting the servers has little to do with the situation. Someone correct me if I am wrong.
@xxJackxx It is somewhat unclear. One reading is that the hackers used the two companies as a gateway to access Amazon's servers which were not password protected. In any event, you are correct that there appears to be a lot to be desired respecting the security proficiency of a lot of companies who are turning to the cloud: "The big security hole in the cloud Misconfigured software and services are leading to accidental exposures of company data... As more companies unplug their data centers and rent out cloud-computing services from providers such as Amazon.com Inc.and Microsoft Corp., some are discovering an unexpected problem: They’re accidentally leaving their corporate data exposed for all the world to see. Configuration errors made while using cloud-storage services are common, security experts say, and often occur when users set access permissions so someone outside of the company—say, a vendor—can see data. 'More data has been lost due to poor configuration than anything else on the cloud,' says Vincent Liu a partner at Bishop Fox, a computer-security consulting firm. The nonprofit GDI Foundation has tracked close to 175,000 examples of misconfigured software and services on the cloud this year... The problem is, many cloud users simply don’t have the expertise to keep things as secure as they should, says David Linthicum, senior vice president with Cloud Technology Partners Inc., a consulting firm that helps corporations move to the cloud. 'They’re new to cloud and they don’t understand it,' he says... IT departments need to understand when a company’s assets are online, when software needs to be patched, how critical applications connect to each other and when developers are making 'high-risk changes,' Chronis says. That can be hard to do, when the software is running on the cloud instead of corporate data centers, he says..." http://www.marketwatch.com/story/the-big-security-hole-in-the-cloud-2017-10-09
