Originally posted on LinkedIn
Today I got the most dreaded email in tech ☠️
I haven’t used AWS on my personal account in over 2 years. And apparently someone was spinning up resources in Tokyo.
They got in and now my account has 2FA tied to a device I don’t control.
THANK GOD I had already changed all the credit cards linked to AWS a bit earlier, or someone would’ve mined crypto and I’d be sitting on a debt of several thousand dollars.
What happened? The obvious: I had an insecure password 🙈. I’ve been using 1Password for my passwords for over a year, and I thought I’d already updated all my weak ones… but nope. And with the 1.6 billion password breach, my old one was in there. PS, you can check if yours showed up here: https://lnkd.in/eUXJ6iC2
The good news? I recovered access and everything’s fine. But what a scare 🫣
