Bitcoin mining, AWS, Wordpress and security leaks
A few weeks ago, my AWS (Amazon Web Services) account was hacked, someone got access to AWS Console, created a bunch of EC2 instances, Lambdas, and started mining cryptocurrencies. I realized what is happening only a few hours later. The price was high and low at the same time. It was $500. So not too shabby. But if I would not react, it could go up in thousands of dollars quickly.
Initially, I assumed that someone just got to my password. That was probable, as I had (no idea why) no MFA enabled on AWS Console. After some thinking, I rejected that idea after all. My password has not leaked! What leaked was an API access key that was stored in only one place outside AWS. Two of the Wordpress websites I managed. Someone got access to my Wordpress websites, extracted API keys, and voila!
That is one very probable scenario if we take into account the number of security volunabilities Wordpress is known to have. I try to keep Wordpress up to date. It looks like I failed.
The final outcome of this situation is that I will be closing my AWS account, convert all of my web pages to static CMS like Jekyll and host everything with GitHub and Cloudflare. Safer, faster, and for free!
I'm Paweł Spychalski and I do things. Mainly software development, FPV drones and amateur cinematography. Here are my YouTube channels: