Hacker News new | past | comments | ask | show | jobs | submit login

By the sounds of it, the s3 bucket was internally accessible only. But attacker connected through the corp's Web Application Firewall after grabbing the credentials to login to the S3 bucket.

"Internally accessible only" just means you have to have credentials to access it.

You can also add IP address restrictions to a bucket access policy; this was obviously not done here because once she had the credentials, it didn't matter where she was accessing from.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact