I came here expecting to see this subreddit lit up. Alas, nothing. Where is everyone? Misconfigured web firewall --> hacker gained IAM role --> found encryption keys --> decrypted data in S3 --> data extracted. Hacker posted breadcrumbs/trail on social about her exploit, and posted data on GitHub. Hack happened in March 2019. Capital One notified by email tip that their data is on GitHub July 17. Misconfigured cloud resource fixed immediately. Suspect arrested by FBI 7/29.
I'm interested in helping businesses avoid this kind of mess. What are y'all hearing?