Public Cloud Security Breaches
Documenting their mistakes so you don't make them.
Posts with the tag AWS:

FTX Bankruptcy

FTX, a cryptocurrency exchange, found itself in bankruptcy. At the moment of the leadership transition, over $400 million in cryptocurrency was transferred out of FTX’s wallets. The bankruptcy trustees discovered many poor cloud practices during the unwinding process.

Chegg (2018)

In April 2018, the educational platform Chegg Inc. suffered a breach leading to the exposure of sensitive data on over 40 million users. A former contractor used AWS root credentials to exfiltrate the data.

Drizly (2020)

In July 2020, Drizly, an on-demand alcohol delivery service, suffered a data breach that exposed the personal information of over 2 million users. The source of the breach was an executive’s GitHub account, which fell to a credential-stuffing attack. With access to GitHub, the attacker found AWS credentials, reconfigured AWS security settings, and accessed a customer database, leaking roughly 2 million user records.
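The Drizly chain started with AWS credentials sitting in a Git repository. The check below is an added example, not code from this site or from Drizly: a small scanner for the two AWS credential shapes (a 20-character access key ID starting with AKIA or ASIA, and a 40-character secret access key assigned to a variable named for it) run over a constructed diff. The key values in the sample are the placeholder keys from the AWS documentation, and the file and bucket names are made up.

```python
import re

# AWS access key IDs: long-term keys start with AKIA, STS temporary keys with ASIA; 20 chars total.
ACCESS_KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")

# A secret access key is 40 characters from the base64 alphabet. On its own that is too noisy
# (hashes, tokens), so only flag it when assigned to a name that says it is the secret key.
SECRET_KEY_RE = re.compile(r"(?i)aws[_-]?secret[_-]?access[_-]?key\W{0,5}([A-Za-z0-9/+]{40})")


def find_aws_credentials(lines):
    """Return (line_number, kind, value) tuples for each credential-like token found.

    Secret values are redacted to their first four characters so the scanner's own
    output (CI logs, pre-commit messages) does not leak what it found.
    """
    findings = []
    for number, line in enumerate(lines, 1):
        for match in ACCESS_KEY_ID_RE.finditer(line):
            findings.append((number, "access_key_id", match.group(0)))
        for match in SECRET_KEY_RE.finditer(line):
            findings.append((number, "secret_access_key", match.group(1)[:4] + "..."))
    return findings


# Constructed sample: the added lines of a hypothetical commit. The key values are the
# documented AWS placeholders (AKIAIOSFODNN7EXAMPLE / wJalr...EXAMPLEKEY), not live credentials.
SAMPLE_DIFF = [
    "+# deploy helper",
    '+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',
    '+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"',
    "+bucket = 'example-backups'",
    "+print('done')",
]

if __name__ == "__main__":
    for number, kind, value in find_aws_credentials(SAMPLE_DIFF):
        print(f"line {number}: {kind} {value}")
```

Run as a pre-commit or CI step on `git diff --cached`, a non-empty result should block the commit; a key that has already been pushed must be treated as compromised and rotated, since removing it from history does not remove it from forks or from anyone who already cloned.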

Ubiquiti (2020)

In December 2020, Ubiquiti suffered a breach at the hands of an employee. The employee masked his presence via a VPN, cloned the company’s GitHub repositories, and altered logs in AWS to hide his activity and the evidence of the breach. After the attacker leaked false details of the attack to a well-known security blogger, Ubiquiti’s stock lost 4 billion dollars in value.

LA Times Cryptomining

In February 2018, The Los Angeles Times was unwittingly part of a cryptojacking scheme. An S3 bucket serving part of their website was found to be publicly writable, and an attacker used it to serve Coinhive Monero-mining JavaScript. The injected code used the CPU of any browser that visited the site.
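A website bucket needs public read and nothing more; the LA Times bucket also had public write. The checker below is an added example, not code from this site or from the LA Times: it inspects the two places a public write path can come from, the bucket ACL (grants to the AllUsers or AuthenticatedUsers groups) and the bucket policy (Allow statements with a `*` principal and a write action), using the same dictionary shapes that boto3's `get_bucket_acl()` and `get_bucket_policy()['Policy']` return. The sample ACL and policy are constructed to show one public-write grant next to a correct public-read statement.

```python
import json

# Grantee URIs that make an ACL grant public: AllUsers is anonymous, AuthenticatedUsers is any AWS account.
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
# ACL permissions that let the grantee add or replace objects (WRITE) or rewrite the ACL itself.
WRITE_PERMISSIONS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
# Policy actions that let a principal write, replace or delete objects; compared case-insensitively.
WRITE_ACTIONS = {"s3:putobject", "s3:putobjectacl", "s3:deleteobject", "s3:*", "*"}


def _as_list(value):
    """IAM policy JSON allows either a string or a list for Statement, Action and Principal.AWS."""
    return value if isinstance(value, list) else [value]


def acl_public_write(acl):
    """One finding per ACL grant that gives a public group write access.
    `acl` has the shape boto3's s3.get_bucket_acl() returns."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group" or grantee.get("URI") not in PUBLIC_GRANTEE_URIS:
            continue
        if grant.get("Permission") in WRITE_PERMISSIONS:
            group = grantee["URI"].rsplit("/", 1)[-1]
            findings.append(f"ACL grants {grant['Permission']} to {group}")
    return findings


def _principal_is_public(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def policy_public_write(policy_json):
    """One finding per bucket-policy statement that Allows an anonymous principal a write action.
    `policy_json` is the string boto3's s3.get_bucket_policy()['Policy'] returns.
    A Condition block is reported but not evaluated, so such a hit is a lead to verify by hand."""
    findings = []
    policy = json.loads(policy_json)
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _principal_is_public(stmt.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        hits = sorted(actions & WRITE_ACTIONS)
        if hits:
            suffix = " (statement has a Condition; review it)" if "Condition" in stmt else ""
            findings.append(f"policy {stmt.get('Sid', '<no Sid>')} allows {', '.join(hits)} to everyone{suffix}")
    return findings


def audit_bucket(acl, policy_json):
    """Run both checks; an empty list means no public write path was found."""
    return acl_public_write(acl) + policy_public_write(policy_json)


# Constructed sample (not real LA Times data): a website bucket whose policy correctly allows only
# anonymous reads, but whose ACL also hands AllUsers WRITE, the misconfiguration behind the cryptojacking.
SAMPLE_ACL = {
    "Owner": {"ID": "example-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "WRITE"},
    ],
}
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-site-assets/*"},
    ],
})

if __name__ == "__main__":
    for finding in audit_bucket(SAMPLE_ACL, SAMPLE_POLICY):
        print(finding)
```

Note that this checks only the bucket's own ACL and policy; object-level ACLs and IAM policies attached to principals in your account are separate paths, and the S3 Block Public Access account setting is the control that makes all of these grants inert regardless of what the checker finds.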

Imperva RDS Snapshot

An unknown threat actor compromised an unused EC2 instance, obtained AWS API keys from it, and used them to exfiltrate a database snapshot from security vendor Imperva.

LastPass

In 2022, LastPass suffered a series of breaches that eventually led to customer password vaults being taken. This incident is notable because it is the first time we’ve seen evidence of a threat actor targeting a specific employee’s home network to capture privileged cloud credentials.