Source: medium.com
Our cloud environment got hacked! — lessons learnedCategory: Security, Data, Redis
My team was getting ready to release our product in the next week so we were getting our infrastructure tested and deployed on AWS. I woke up one morning to find that I could not log in to one of our test environments.
I logged into the redis server and discovered that there had been attempts to persist data from memory to disk and that there were queries looking for “backup1”, “backup2”, etc.
With all of the craziness leading up to our launch, and our minds being in “dev mode”, we had accidentally loaded the wrong Security Group on the redis server, which left it wide open to the Internet.
We were so scatter-brained that we skipped our usual checks and balances with regards to security.
I logged into the redis server and discovered that there had been attempts to persist data from memory to disk and that there were queries looking for “backup1”, “backup2”, etc.
With all of the craziness leading up to our launch, and our minds being in “dev mode”, we had accidentally loaded the wrong Security Group on the redis server, which left it wide open to the Internet.
We were so scatter-brained that we skipped our usual checks and balances with regards to security.
Related Articles
Community Partners
DevOps Careers