[oefrha]

Really not impressed with the obligatory "really impressed with transparency" pat-on-the-back under every incident report for a big corp screw-up that provides any details at all.

And stating to the press the clearly malicious payload is "non-malicious" (assuming TFA didn't lie about Twilio's statement)? That's ridiculous.

[ficklepickle]

Even if the payload was not malicious when they looked, it could change at any time. I don't see how that can be confidently labeled non-malicious.

[aka1234]

When talking about screw-ups on AWS, public incident reports try to obfuscate and spin the Hell out of issues that boil down to "really, really stupid configuration issue".

They owned it. That is more than can be said about other large incident reports that I've seen regarding AWS.