Ask HN: Has AWS Been Hacked?
I just received the following email, to an email address that has only ever been used once, to register an AWS account in 2021.
---- On Thu, 19 May 2022 03:47:29 +1000 Carent Domingo <yourdomainguru.ren49@gmail.com> wrote ----
Hello,
My name is Carent from TDS. We have a domain that is currently on sale that you might be interested in - TeamFortress.net
Anytime someone types Team Fortress, Team Fortress Online, The Best Team Fortress, or any other phrase with these keywords into their browser, your site could be the first they see!
The internet is the most efficient way to acquire new customers
Avg Google Search Results for this domain is: 68,500,000
You can easily redirect all the traffic this domain gets to your current site!
GoDaddy.com appraises this domain at $1,345.
Priced at only $398 for a limited time! If interested please go to TeamFortress.net and select Buy Now, or purchase directly at GoDaddy.
Act Fast! First person to select Buy Now gets it!
Thank you very much for your time.
Top Domain Sellers (TDS)
Carent Domingo
This is almost certainly leaking without you realizing it via a WHOIS contact email somewhere or another
Another possibility is that overseas contractors for AWS regularly harvest email addresses from the support UI and spam them. Wouldn't surprise me, but the first is more likely. Wouldn't really call this a hack though either way.
> Another possibility is that overseas contractors for AWS regularly harvest email addresses from the support UI and spam them.
If this was a practice that was possible and occurring then I suspect we'd have heard of many more cases by now. Most big companies don't use contractors for work that gives them access to customer data like that, and most don't just allow anyone easy access to raw customer data without a paper trail and reason.
> Most big companies don't use contractors for work that gives them access to customer data like that
[citation needed]
Okta is a recent counter-example.
What big companies are you referring to? Protecting data takes effort, so by virtue of that, intent is a necessary precondition.
Most companies probably don't take care of these things at the rate or level you seem to be assuming that they do.
At a previous company AWS was a customer, and I can tell you from the corporate training resources I've seen, they have huge populations of support engineers in countries like India, who are contractors.
You would think... But Epam is a contractor for one of the clouds and has access to client data. Another few (contractor/outsourcing) companies I know of have access to all their customer's customer data.
Dell, too
AWS could be hacked... but the other logical options are your email provider was hacked... or some other PI/hacker who really cares about you (due to team fortress) has figured out your naming pattern from other sources and is probing you, either with or without that domain name company's help?
Considering you're a developer of a game called "team fortress" (based on your HN comment history) who had a domain for team fortress with WHOIS info updated in 2021, I'd say that it's probably someone on your dev team trying to make a few bucks and knew the address. But maybe you registered this with Cloudflare and forgot, and Cloudflare is forwarding the email to you.
I have all those things, but I used a very specific email address for AWS.
Basically, name+unique_identifier@domain.tld
The unique_identifier is unique to this AWS account.
Maybe you have a catch-all enabled in your email client?
Are you certain you did not use the email anywhere else, including in WHOIS records for any domain?
Is the email predictable?
I use a dedicated email address for AWS and I have only ever received AWS correspondence to it.
Yep the email address is of the format: name+serverlocationyear@domain.tld and has absolutely only ever been used for this one purpose.
Likely they issue. Might be worth taking the deal as I imagine Team Fortress is trademarked by Valve.
https://trademarks.justia.com/755/42/team-75542473.html
Trademark filed 1998-08-25.
WHOIS reports this domain was registered 2021-06-01.
A risky purchase.
I've been sued by Politico and eBay for infringement in domains. I wouldn't touch this domain with a barge pole.
Did you use this site to register for GoDaddy by any chance? Or for a domain name with AWS that later got transferred to GoDaddy?
Nope.
Do you use browser extensions that could collect form data?
Have you ever had any domain registered with this AWS account?
Nope.
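Added example, not part of the thread: several replies ask whether the name+unique_identifier@domain.tld address was predictable. One way to rule guessing out is to derive each service's tag from a private key with HMAC, so that mail to a validly tagged address can only come from a party that obtained the address rather than constructed it. The key, function names and sample addresses below are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac

# Assumption: a private key kept by the mailbox owner (constructed demo value).
SECRET = b"constructed-demo-key-not-a-real-secret"

def tag_for(service: str, secret: bytes = SECRET, length: int = 10) -> str:
    """Unpredictable per-service tag: truncated base32 of HMAC-SHA256(service)."""
    mac = hmac.new(secret, service.lower().encode(), hashlib.sha256).digest()
    return base64.b32encode(mac).decode().lower()[:length]

def canary_address(name: str, service: str, domain: str, secret: bytes = SECRET) -> str:
    """Build name+service.tag@domain for use at exactly one sign-up."""
    return f"{name}+{service.lower()}.{tag_for(service, secret)}@{domain}"

def classify_recipient(address: str, secret: bytes = SECRET):
    """Return (service, verdict) for the recipient address of an inbound mail."""
    local_part, _, _domain = address.rpartition("@")
    _name, plus, detail = local_part.partition("+")
    if not plus:
        return (None, "no-tag")
    service, dot, tag = detail.rpartition(".")
    if not dot:
        # e.g. the thread's name+serverlocationyear form: nothing secret in it,
        # so a leak cannot be told apart from a guess.
        return (detail, "guessable")
    if hmac.compare_digest(tag.encode(), tag_for(service, secret).encode()):
        # The sender got this address from somewhere it was stored or transmitted.
        return (service, "issued")
    return (service, "forged")

if __name__ == "__main__":
    # Constructed recipient addresses, as they might appear on inbound mail.
    inbound = [
        canary_address("name", "aws", "domain.tld"),
        "name+aws.aaaaaaaaaa@domain.tld",
        "name+serverlocationyear@domain.tld",
        "name@domain.tld",
    ]
    for rcpt in inbound:
        print(rcpt, "->", classify_recipient(rcpt))
```

An "issued" verdict on unsolicited mail narrows the question to where the address was disclosed (the service, a WHOIS record, the mail path, a browser extension), which is the part the thread could not settle with a guessable tag.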