2022-Jun-12 AWS Incident Report

Type:Security breach on Amazon Web Services
Time:12 June at 00:22 UTC and again at 06:18 UTC
Duration:Several minutes each time
Customers affected:None
Status:Services working as expected

Incident Details

On the 12th June 2022 at 00:22 UTC for several minutes, and again at 06:18 UTC for a few seconds, Licorice had a hack attempt on our Amazon Web Services.

Salient Points

  1. One of our AWS Access Keys was appropriated by hackers.
  2. Due to our layered approach to security, the hackers had no success in compromising our existing environment.
  3. No customer data was exposed, or was at risk of exposure during the attack.
  4. The hackers were able to spin up AWS resources in different regions, which we were able to shut down once the key was disabled to prevent further misuse.
  5. The hackers intent is unclear, but it is likely they were setting up to mine cryptocurrency or use the infrastructure to launch distributed denial of service (DDoS) attacks.

We have completed an internal review and identified corrective actions that we will take to minimise the likelihood of this happening again.

The attack was likely performed by two to three members of European hacking group Chaos Computer Club (CCC), operating behind proxy exit nodes at data centres in Germany, Romania, and Ukraine.

If you have any questions on this incident, you can reach me via our discord via the link at the top of this page.

This page will be updated for completeness as necessary.

Samantha Glocker
Founder and CEO