My technical analysis confirms:
Stolen DKIM Signing Keys: Total loss of email authenticity. This allows for perfect impersonation of EU domains, bypassing DMARC.
SSO Directory Exposure: The "Skeleton" of their AWS Organizations was exposed, likely due to a lack of proper Service Control Policies (SCPs).
IAM Failures: Evidence points to over-privileged roles (Resource: "*") and failure to enforce IMDSv2, explaining how such a massive volume (350GB) could be exfiltrated.
It is deeply ironic that the institution enforcing GDPR on everyone else failed at basic cloud hygiene.
The site is a 45KB static HTML to stay accessible. I’m curious to hear from other AWS architects—how does an organization of this scale miss such fundamental guardrails?
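Two of the guardrails named in this post, the over-privileged `Resource: "*"` grants and SCP enforcement of IMDSv2, can be checked mechanically against the policy JSON. The following is an added example written for this thread, not the poster's analysis or anything from the linked site; it assumes the standard IAM policy document shape (scalar-or-list `Action`/`Resource`, `Condition` blocks keyed by operator), uses the real `ec2:MetadataHttpTokens` condition key, and the role policy, SCPs and account id in it are constructed samples.

```python
"""Audit helpers for two guardrails: Allow statements on Resource "*" and an
SCP that blocks instance launches which do not require IMDSv2 tokens.
Standard library only; every policy document below is a constructed sample."""
import json

# Constructed sample: a role policy with the "Resource": "*" pattern beside a
# properly scoped statement that must not be flagged (account id is fictional).
ROLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "DataPipeline", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket", "s3:*"],
     "Resource": "*"},
    {"Sid": "AppLogs", "Effect": "Allow",
     "Action": "logs:PutLogEvents",
     "Resource": "arn:aws:logs:eu-west-1:111122223333:log-group:/app/*"}
  ]
}
""")

# Constructed sample SCP that refuses RunInstances unless IMDSv2 is required.
IMDSV2_SCP = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "RequireImdsv2", "Effect": "Deny",
     "Action": "ec2:RunInstances",
     "Resource": "arn:aws:ec2:*:*:instance/*",
     "Condition": {"StringNotEquals": {"ec2:MetadataHttpTokens": "required"}}}
  ]
}
""")

# Constructed sample SCP with no IMDSv2 guardrail at all (the weak setting).
PERMISSIVE_SCP = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
""")


def _as_list(value):
    """IAM accepts a scalar or a list for Action, Resource and condition values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_wildcard_resource_grants(policy):
    """Return one finding per Allow statement whose Resource includes "*".

    Each finding records the Sid (or position), the actions granted, and
    whether any action is itself a wildcard, which is the worst combination.
    """
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in _as_list(stmt.get("Resource")):
            continue
        actions = _as_list(stmt.get("Action"))
        findings.append({
            "sid": stmt.get("Sid", f"Statement[{i}]"),
            "actions": actions,
            "wildcard_action": any(a == "*" or a.endswith(":*") for a in actions),
        })
    return findings


def scp_requires_imdsv2(scp):
    """True if a Deny on ec2:RunInstances applies whenever MetadataHttpTokens
    is not "required", i.e. launching an IMDSv1-capable instance is blocked."""
    for stmt in _as_list(scp.get("Statement")):
        if stmt.get("Effect") != "Deny":
            continue
        if "ec2:RunInstances" not in _as_list(stmt.get("Action")):
            continue
        not_equals = stmt.get("Condition", {}).get("StringNotEquals", {})
        if "required" in _as_list(not_equals.get("ec2:MetadataHttpTokens")):
            return True
    return False


def audit(policy, scp):
    """Combine both checks into one report a reviewer can act on."""
    grants = find_wildcard_resource_grants(policy)
    return {
        "wildcard_resource_sids": [g["sid"] for g in grants],
        "wildcard_action_and_resource": any(g["wildcard_action"] for g in grants),
        "imdsv2_enforced": scp_requires_imdsv2(scp),
    }


if __name__ == "__main__":
    print(json.dumps(audit(ROLE_POLICY, PERMISSIVE_SCP), indent=2))
```

Running it against the permissive pair reports the `DataPipeline` statement (wildcard action on wildcard resource) and `imdsv2_enforced: false`; swapping in `IMDSV2_SCP` flips only the latter. The same functions can be fed real documents from `get-role-policy` or `describe-policy` output once the JSON is loaded.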
Betelbuddy•1h ago
I see it from a more strategic point of view. This is what happens when an entire industry decided that real learning is optional.
Nobody thinks they need training or upskilling anymore. Architects vibe-configure their IAM policies out of ChatGPT, copy-paste SCPs from Stack Overflow, and call it done. No threat modeling, no blast radius analysis, no understanding of why the guardrail exists.
And AWS shoulders blame here too. They gutted hands-on, instructor-led training in favor of SkillBuilder modules and self-service docs, then washed their hands of it.
Their entire customer enablement model is now "here is one of a thousand 12-minute videos and a multiple-choice quiz, good luck with your multi-account Organization..."
The EU failed at taking cloud seriously enough to actually learn it. And they are far from alone.