In May 2022, a data breach involving Amazon Web Services (AWS) came to light, affecting Pegasus Airlines. The breach, discovered by a security firm, exposed sensitive information, including Electronic Flight Bag data, navigation details, proprietary software, and personal data of the airline's crew members. This incident highlights the importance of robust security measures and data protection practices in the digital age.

How many accounts were compromised?

The breach impacted data related to over 100 million individuals in the Capital One breach alone, while the Pegasus Airlines breach exposed 6.5 terabytes of sensitive data, and the Uber breach affected 50 million passengers and 600,000 US driver records.

What data was leaked?

The data exposed in the breaches included personal information such as names, dates of birth, social security numbers, credit card information, email addresses, phone numbers, drivers' licenses, passport images, medical insurance cards, sensitive flight data, employee PII, company source code, and altered JavaScript SDKs.

How was AWS hacked?

Hackers breached sensitive data by exploiting misconfigured Amazon S3 buckets, firewall misconfigurations, and vulnerabilities in AWS server configurations. In some cases, they installed malware or altered code to further compromise the affected systems. The breaches were often discovered by security firms or ethical hackers, prompting the affected companies to take action and secure their data.

AWS's solution

In response to the hack, AWS took several measures to enhance its security and prevent future incidents. These measures included providing comprehensive security services and tools to protect customer data, such as AWS Identity and Access Management (IAM), AWS CloudTrail, Amazon Macie, AWS CloudHSM, and AWS Key Management Service (KMS). AWS also adopted a shared responsibility model for security, with customers responsible for their data and AWS responsible for the underlying infrastructure. Additionally, AWS collaborated closely with customers to understand their data protection needs and offered comprehensive services, tooling, and resources to help protect their data.

How do I know if I was affected?

AWS has not explicitly mentioned reaching out to affected users in these breaches. However, if you are concerned about your data being compromised, you can visit Have I Been Pwned to check if your email address has been involved in any data breaches.

What should affected users do?

In general, affected users should:

• Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

• Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

• Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and any other important online accounts. Consider enabling this additional security feature to significantly reduce the risk of unauthorized access.

• Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the respective platform.

For more specific help and instructions related to AWS, please contact AWS Support directly.

Where can I go to learn more?

If you want to find more information on the AWS data breach, check out the following news articles:

• Amazon Web Services (AWS) Data Breaches: Full Timeline Through 2023

• High Profile AWS Breaches: Lessons To Be Learned