I don't have confidence in MacKeeper here. Their "story" can't decide if it wants to be a news item or a vulnerability report. You don't say "Online Service Offering Group Hotel Bookings Allegedly Exposed Sensitive..." if it's you yourself making the allegations.
Either you have confidence in what you're saying or you don't. If you have confidence, publish your findings. If you don't have confidence, shut up until you do. Don't hide behind "allegedly".
Sounds like fun for someone, however whilst the host was AWS they're not in any way to blame, are they? I work with equipment that can make a business fail their PCI-DSS compliance tests with one incorrectly set password (as I'm sure do many of us). Not the equipment's fault though.
AWS has a lot of security going for it.
However, unless you turn it on... it's useless.
Clearly this is the guy who put the data up there's fault.
The issue is that many don't view the cloud as a separate entity where you need to lock things down, but an extension of their own data center(s) where you're behind a firewall.
This is a good example of why the cloud is less secure than your very own data center.
I do see your point, I suppose it's going to take a while for (some) admins to get their game up to speed in using off site providers.
Oh dear, someone persisted CCV codes despite being told by Visa et al not to?
Well, I see no alternative. Canings all round, followed by a week wearing the conical hat of extreme stupid.
What, and have to look up the CCV code EVERY TIME I reserve a hotel room? Why don't I just pay with sea-shells and colorful beads? Jeez!
Anything about RDS?
It is not so much the buckets that fill me with dread ... it's the bloody developers who think that it is a good idea to deploy public-facing Aurora databases with complex passwords like 'root', or 'password'. I recently disabled one db like this and sent the developer an email about password security. I notice from LastPass that the database password had been updated to "F11ck0ffC*nt" .. changed since the client also has access to the db.
Re: Anything about RDS?
Wow, that's seriously unprofessional. Does his manager know?
Re: Anything about RDS?
Indeed, the new password is likely to be very early on in a dictionary attack.
Oh, you mean the poor coding and attitude to constructive comment. That's just depressingly familiar.