2021-12-16

Sometimes even the most reputable tools and platforms give us, as users, unfortunate experiences. Things get worse when the problem is not a mere malfunction but a financial loss resulting from a scam, and it goes completely off the rails when a large company is unable to offer an adequate means of contact to try to resolve the problem.

Suddenly, the user is trapped by the bureaucracy and automated processes of a large company for which he is nothing more than a tiny blip in its business figures. And what happens when that large company is none other than Amazon, specifically its cloud computing service AWS, which generates 52% of the annual income of the “e-commerce giant”?

Jonny Platt, founder of the online SEO analysis tool SeoScout, shared yesterday with his Twitter followers a bad experience as an AWS customer. Specifically, he had just received a $45,000 charge from AWS as a result of his account being hacked: someone had broken into it and had been using it for the past few weeks to mine cryptocurrency.

A 150,000% increase in AWS spending… and the customer finds out from his bank, not by e-mail

And yet the problem for Platt was not the hack itself (he does not know how his password ended up in the attacker’s hands), but rather that for the 23 hours after discovering what had happened (and filing the mandatory support ticket) there was no human way to contact AWS for a solution.

Of course, AWS does have a phone support line, so why not use it? Because it has to be contracted separately, and it is billed as a percentage of your monthly spend, so obtaining a solution this way meant parting with several thousand dollars with no guarantee of recovering the rest:

“Before [the hack] my spend was $300, so I would have paid a maximum of $100. But this month I spent $45,000. So asking for help this way would cost me $2,000-3,000.”

Platt also protests AWS’s role in detecting that he was being defrauded (that is, none at all). He explains that the attack was not complex in the least: it was just a Bash script in Lambda, already well known, which downloaded and ran the mining software.

The script re-ran every 3 minutes and kept mining for up to 15 minutes… and it did so in every “AWS region” in the world.

“What strikes me is that the software is well known. […] a plain text file, easy [to detect] for someone like Amazon (looking for strings like ‘xmrig’) and to notify users. Instead, I find out through an alert from my credit card company.”

The script to blame for everything.

“AWS has alert systems that you can use to detect overspending. I should have used them, [but] they didn’t exist when I signed up. And with 200 links on its main menu, they are not at all easy to find.”

“In any case, wouldn’t it be reasonable to send an email when monthly account costs increase by 150,000%? Or to expect the world’s largest tech company to do a little more to protect its customers from fraud? […] And, really, they can afford to pick up the phone.”

Platt criticizes the ‘bait and hook’ model AWS uses to attract customers: “at first the credits are free, then you’re hooked on AWS for life. But most of the SMEs they recruit would be struck down by a sudden bill like this.”

As a closing message to AWS customers (current and potential), Platt recommends that anyone using the platform check their security settings and configure cost anomaly detection (at this link), and also reconsider “whether AWS is the right option for your scale and resources, however tempting their credits are.”
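The spending alerts and cost anomaly detection Platt refers to work by comparing a period's spend against a learned baseline and raising an alarm when the deviation is large. As an added illustration (not from the article, and not AWS's own implementation), the following Python script applies that idea to daily per-region cost rows of the kind a billing export produces: it flags any day whose total is far above the trailing baseline and lists the regions that were never billed before, which is exactly the "every region at once" pattern described above. The sample rows, the 7-day baseline window and the 500% threshold are constructed for the example.

```python
"""Toy cost-spike detector modelled on the idea behind cloud cost anomaly alerts.

Rows are (date, region, usd). The detector compares each day's total against the
mean of the previous `baseline_days` days and reports large increases, together
with regions that appear for the first time on the flagged day.
"""
from collections import defaultdict
from statistics import mean

# Constructed sample data (hypothetical): a week of small, single-region bills
# followed by a day where several regions that were never used start costing money.
SAMPLE_COSTS = [
    ("2021-11-01", "us-east-1", 10.0),
    ("2021-11-02", "us-east-1", 10.0),
    ("2021-11-03", "us-east-1", 10.0),
    ("2021-11-04", "us-east-1", 10.0),
    ("2021-11-05", "us-east-1", 10.0),
    ("2021-11-06", "us-east-1", 10.0),
    ("2021-11-07", "us-east-1", 10.0),
    ("2021-11-08", "us-east-1", 50.0),
    ("2021-11-08", "eu-west-1", 500.0),
    ("2021-11-08", "ap-southeast-1", 500.0),
    ("2021-11-08", "sa-east-1", 450.0),
]


def daily_totals(rows):
    """Sum spend per day; returns {date: total} ordered by date."""
    totals = defaultdict(float)
    for date, _region, usd in rows:
        totals[date] += usd
    return dict(sorted(totals.items()))


def find_spikes(rows, baseline_days=7, threshold_pct=500.0):
    """Return [(date, total, baseline_mean, pct_increase)] for days whose spend
    exceeds the trailing baseline by more than threshold_pct percent.

    Days inside the first baseline window are skipped: there is nothing to
    compare them against yet."""
    totals = daily_totals(rows)
    dates = list(totals)
    spikes = []
    for i in range(baseline_days, len(dates)):
        baseline = mean(totals[d] for d in dates[i - baseline_days:i])
        today = totals[dates[i]]
        if baseline <= 0:
            # A zero baseline would make any spend an infinite increase;
            # treat any non-zero spend as a spike in that case.
            if today > 0:
                spikes.append((dates[i], today, baseline, float("inf")))
            continue
        pct = (today - baseline) / baseline * 100.0
        if pct > threshold_pct:
            spikes.append((dates[i], round(today, 2), round(baseline, 2), round(pct, 2)))
    return spikes


def new_regions(rows, day):
    """Regions billed on `day` that had zero spend on every earlier day."""
    seen_before = {r for d, r, usd in rows if d < day and usd > 0}
    billed_today = {r for d, r, usd in rows if d == day and usd > 0}
    return sorted(billed_today - seen_before)


def report(rows):
    """Human-readable alert lines, one per flagged day."""
    lines = []
    for date, total, baseline, pct in find_spikes(rows):
        regions = new_regions(rows, date)
        lines.append(
            f"{date}: spend ${total:.2f} vs baseline ${baseline:.2f} "
            f"(+{pct:.0f}%); new regions: {', '.join(regions) or 'none'}"
        )
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_COSTS):
        print(line)
```

In practice a detector like this would read the billing export daily and hand its alert lines to whatever paging or e-mail channel the team already watches; the point is that both signals it uses, a sudden multiple of the usual spend and activity in regions the account has never used, are visible in billing data alone, without any inspection of the workload itself.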

All that for this?

Moreover, to Platt the $45,000 invested in this mining task seems “a waste”: