Hackers are taking over Amazon cloud accounts and using them to mine crypto. According to a recent Business Insider report, some Amazon cloud users have seen their bill rise by over 500 times due to hackers.
Details Of The Hacking Sage
In one instance, a Seattle developer named Chris Chin saw his Amazon Web Services account incur a bill of over $53,000, which was far higher than his usual $100 to $150 bill. Chin suspected that he had been hacked by crypto miners after seeing the bill.
Cloud Services Lay Blame On Customers
According to the Business insider report, cloud services providers such as Google Cloud, AWS, and Microsoft Azure, usually shift the blame to customers for such hacks. According to these cloud services providers, the blame lay squarely in the hands of users for their failure to configure security settings properly. In the report, a Google spokesperson stated that nearly 75% of hacks were as a result of poor security practices and vulnerable third-party software.
On its part, AWS pointed to its shared responsibility model and stated that its accounts were secure by default. The company further stated that while it was responsible for the infrastructure, customers were responsible for security. For users, that does not provide any consolation. Essentially, one-time mistakes can place them in crippling lifetime debt.
Rising Value Of Crypto Makes Hacking More Lucrative
While the hacking of cloud services accounts has been around for over a decade, the rising value of crypto has made the illegal practice more lucrative. For instance, in November 2021, the value of BTC hit a new all-time high of $69,000. At the same time, the mining difficulty has risen, which means hackers need even more mining power to mine BTC.
In another example of crypto hacking, Jonny Platt, the founder of SEO Scout, tweeted that crypto hackers had incurred a $45,000 bill on his AWS account. According to him, the hackers made just over $800 worth of Monero using his compromised account. Platt later tweeted that Amazon had agreed to waive the $45,000 bill.
🎄 Excited to announce I just received my Christmas present from @awscloud!
😱 Horrified to see it's $45,000 in charges due to some scammer hacking my account + mining Crypto for the last few weeks
⏰ Had no sleep last night. It's now 23 hrs since my support ticket & no reply.
— Jonny Platt (@jonnyplatt) December 14, 2021
In another example of cloud account hacking, a California College student took to Reddit to describe how hackers had run up a $55,000 bill using his AWS account. The student stated that the hackers drained almost all of his savings meant for tuition.
AWS accounts are not the only ones being compromised. In a recently published report by Google, the company stated that a majority of hacked Google Cloud accounts were used for cryptojacking.
The issue has already found its way to federal court. In one instance, a Missouri-based tech firm filed a federal lawsuit after it was charged $760,000 resulting from cryptojacking activity. In most instances, AWS usually waives the fees run up by hackers. However, navigating the AWS customer support to have the bill waived can be complicated, according to the Business Insider report.
For now, there does not appear to be an easy solution to the issue. However, users can take the most basic security measures to secure their accounts. For instance, they could use complex passwords, and enable 2FA. Additionally, they should carefully scrutinize the third-party applications they install in their accounts. Finally, customers of cloud services should always reach out to customer support to have the bill waived. While the process may be arduous, it beats paying a bill of tens of thousands of dollars.
Notice: Information contained herein is not and should not be construed as an offer, solicitation, or recommendation to buy or sell securities. The information has been obtained from sources we believe to be reliable; however, no guarantee is made or implied with respect to its accuracy, timeliness, or completeness. Authors may own the cryptocurrency they discuss. The information and content are subject to change without notice. Visionary Financial and its affiliates do not provide investment, tax, legal, or accounting advice.