Postmortems

Cascaded cloudy services can be quite risky.

Security of the stack comes down to trust, without control. The Buffer hack explained.

“MongoHQ Co-Founder Jason McKay, in an open letter on the company web site, wrote that they discovered the breach yesterday when they detected ‘unauthorized access to an internal support application using a password that was shared with a compromised personal account.’ In other words, an employee was fooled into giving up their account credentials. To MongoHQ’s detriment, the internal support application was exposed to the Internet. There was no virtual private network (VPN) to fully protect the back-end of the service. MongoHQ has now taken steps to put a VPN into place.”

Combine that with tokens that Buffer left unencrypted.