Articles under this tag provide actionable guidance on protecting cloud-based applications from cyber threats. Topics include secure development practices, API security, authentication hardening, vulnerability management, and runtime protection strategies for applications deployed across cloud platforms.
posts
The Snowflake Breach Changed How I Think About Cloud Risk In mid-2024, threat actors compromised over 165 organizations by exploiting stolen credentials against Snowflake cloud accounts that lacked multi-factor authentication. Ticketmaster, AT&T, Santander — massive names, massive data losses. The root cause wasn't some exotic zero-day. It
The $65 Million Misconfiguration Nobody Saw Coming In March 2023, Toyota disclosed that a cloud misconfiguration had exposed vehicle data on 2.15 million customers for over a decade. A single cloud storage bucket, left publicly accessible, quietly leaked data from 2012 to 2023. Nobody noticed for ten years. That&
The Misconfiguration That Exposed 3.8 Billion Records In June 2021, researchers discovered an unsecured Elasticsearch instance containing 3.8 billion records — names, emails, phone numbers, and social media profiles compiled from scraped and breached data. It sat wide open on the internet. No password. No access controls. Just a
The Misconfiguration That Exposed 100 Million Records In 2019, Capital One learned the hard way that a single misconfigured web application firewall in AWS could expose the personal data of over 100 million customers. The breach cost the company more than $270 million in fines and remediation. That incident wasn&
The Misconfiguration That Exposed 100 Million Records In 2019, a former Amazon Web Services employee exploited a misconfigured web application firewall to breach Capital One's cloud infrastructure. The result: over 100 million customer records exposed, a $190 million class-action settlement, and an $80 million fine from the OCC.
