Between 4:05 AM PDT and 5:56 AM PDT, some customers may have experienced elevated errors resolving DNS records hosted on Route 53 using DNS resolvers 8.8.8.8 / 8.8.4.4. This issue was caused by a problem with a third-party Internet provider. The issue has been resolved and the service is operating normally.
It seems like either the title is misleading, or the article does a poor job of explaining the situation. From my reading of the article text, it seems DNS traffic was rerouted to Route53, which the attackers then used to serve false DNS records. That does not sound like Route53 was hijacked at all, just that the attackers happened to use the service it provides.
Traffic to Route 53 was rerouted to an alternative DNS server. But that has nothing to do with my question re. AWS calling out Google in particular in their status update.
Some Route53 traffic was redirected somewhere else. Traffic can only be hijacked from neighbors that actually accept the routes. You would think Google of all networks would have effective ingress filtering to prevent this, but it seems like they did accept it in this case.
Bcrypt isn't magic. It will help slow down a full crack against everyone when every pw takes some tens of ms to check (though even if they had a hefty work factor of 1 second on a beefy ec2 instance, you can check a million accounts for 'password' in 11.5 days on a single machine, much less when you can spin up many more instances / leverage a botnet of many if less powerful machines). And if you want to target an individual user, you can try a million different PWs on their account over the same period. That's why it's best practice for everyone to rotate, though if your PW is complex and you're not a particularly juicy target you can probably get away with not doing it right now.
The webserver could have been compromised, causing plaintexts for login attempts to be exposed as well. In fact, that is a very plausible explanation for how the database was accessed since it is usually firewalled off.
You might find the below numbers interesting. Note that this performance is only one workstation with 8x gtx980.
Even the mighty bcrypt (sidebar, look at the sha512 #s) won't save you if your password is bad. Now consider social media mining to enhance the word list. Now consider that (anecdotally) I have never done a hashcat audit and not had to have a conversation with someone about choosing better passwords:
"you have to send them scans of personal documents (such as passport, drivers license or similar)."
What? Seriously?
"In addition to that, we delete that information after 21 days."
Hmm, do they delete the info that ends up on backup copies? How do you know they even actually delete it in 21 days? It's not like there is a third party even auditing which you can rely on. (Not that I'd ever do that for something like this anyway, I would just find another provider.)
Yes seriously, here is what they asked me on first order with them:
"Since you're a new customer with Hetzner, we ask you for a scan of your passport or ID card (authenticity check).
It's only necessary for your first order with us.
Please send the scan by fax or as an email attachment."
When they say they delete it after 21 days, as they did in the mail I've just received, I trust them. I find their communication on this matter, as well as previous matters, open and serious.
Okay, but stealing a backup gets you 21 days of those documents, the same amount you can get from the live system. There is no need to worry about backups in particular.
Is this outside of Germany? I rent two servers and I never sent any ID.
This shit is annoying. I think it has been only 6-8 months since the managed server part of Hetzner (KonsoleH) got hacked. Now the VPS/root server part (Robot) got hacked. I understand that both incidents are completely different and it seems that they might've learned a thing or two from the KonsoleH-hack, but still. My address data and my bank data are very likely to be compromised.
But then, changing the hoster doesn't make any sense. My data is somewhere out there, can't get any worse I guess.
Millions of Danish Personal Identification numbers and driver license data were downloaded. 10.000 police email accounts "hacked" - as well as access to SIS data (Schengen registers).