I’ve spent the last 48 hours dissecting the leak from the European Commission’s "Europa" platform. New evidence from the dump suggests the breach is far larger than initially reported—up to 350GB of exfiltrated data, not just 90GB.
My technical analysis confirms:
Stolen DKIM Signing Keys: Total loss of email authenticity. This allows for perfect impersonation of EU domains, bypassing DMARC.
SSO Directory Exposure: The "Skeleton" of their AWS Organizations was exposed, likely due to a lack of proper Service Control Policies (SCPs).
IAM Failures: Evidence points to over-privileged roles (Resource: "*") and failure to enforce IMDSv2, explaining how such a massive volume (350GB) could be exfiltrated.
It is deeply ironic that the institution enforcing GDPR on everyone else failed at basic cloud hygiene.
The site is a 45KB static HTML to stay accessible. I’m curious to hear from other AWS architects—how does an organization of this scale miss such fundamental guardrails?
D__S•1h ago
My technical analysis confirms:
Stolen DKIM Signing Keys: Total loss of email authenticity. This allows for perfect impersonation of EU domains, bypassing DMARC.
SSO Directory Exposure: The "Skeleton" of their AWS Organizations was exposed, likely due to a lack of proper Service Control Policies (SCPs). IAM Failures: Evidence points to over-privileged roles (Resource: "*") and failure to enforce IMDSv2, explaining how such a massive volume (350GB) could be exfiltrated.
It is deeply ironic that the institution enforcing GDPR on everyone else failed at basic cloud hygiene.
The site is a 45KB static HTML to stay accessible. I’m curious to hear from other AWS architects—how does an organization of this scale miss such fundamental guardrails?