This site is a compendium of information related to security incidents and breaches with customers operating in the major cloud providers. It is intended to help cloud security practitioners articulate the risks of specific cloud security mistakes and to help them inform their respective leadership, development, and operations teams.

Our goal is to provide the security community a go-to place for identifying real-world examples of how cloud security misconfigurations have impacted real customers. It’s one thing for us to say “It’s a bad idea to attach the S3FullAccess policy to your instance role when you only need to write to a single logging bucket,” and quite another to say “The 2019 Capital One breach wouldn’t have resulted in a 100 million dollar fine if the engineer deploying the WAF hadn’t attached the S3FullAccess to the ***WAF-Role”

Breaches.Cloud is hosted and sponsored by PrimeHarbor Technologies, LLC. In addition, the cloud security community is welcome to contribute to the site via our GitHub Repository. You can find more information on how to contribute under the CONTRIBUTING.md file.

Our Privacy Policy.