Amazon Web Services has been taking some PR knocks in recent weeks. First, came the massive outage which sparked anger and frustration among many core customers. Now, word comes that Amazon Web Services was the platform that hackers used to disrupt Sony’s PlayStation Network and Qriocity service late last month.
Bloomberg News reports — citing an anonymous source — that the hackers rented server space from Amazon’s EC2. The story notes:
The hackers didn’t break into the Amazon servers, the person said. Rather, they signed up for the service just as a legitimate company would, using fake information. Even so, the breach at Amazon is likely to call attention to concerns some businesses have voiced over the security of computing services delivered via others’ remote servers, referred to as cloud computing.
According to Bloomberg, Amazon.com likely will receive a subpoena in a case now being investigated by the FBI.
Late last month, Sony issued this statement on the security breach.
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility.
The news that the hackers used Amazon Web Services to launch their attack will likely draw more scrutiny of cloud computing at a time when Amazon is still trying to repair its image after last month’s outage. Furthermore, AWS certainly doesn’t want to obtain the reputation as the launching point for crippling cyberattacks, something that The Register pointed out has occurred in the past.