Any word on how those accounts are getting compromised?
Have they been complacent (easy password to guess, keys easy to be compromised (maybe in a public github repo)), or could there be some whole in the AWS secutiy model?
If there were a hole in the AWS security model for this, I think it'd be pretty obvious pretty quickly, given what happens when US-East takes a dive...
This happens constantly, and it's almost always through lack of best practices (as mentioned in higher up comment - IAM, MFA, etc.).
This happens constantly, and it's almost always through lack of best practices (as mentioned in higher up comment - IAM, MFA, etc.).