it’s impressive! How does your infrastructure looks like? Is it 100% on prem?

This is the official statement I think: https://global.toyota/jp/newsroom/corporate/39174380.html but it’s light on details (I think, I google translated)

From reading around it looks like it was either a compute instance or a database exposed by mistake, nothing sophisticated.

I think access keys are a legacy authentication mechanism from a time where the objective was increasing cloud adoption and public clouds wanted to support customers to transition from on prem to cloud infra.

But for cloud native environments there are safer ways to authenticate.

A data point: for GCP now Google also advise new customers to enable from the start the org policy to disable service account key creation.

ahah thank you, we shall all yell together then

👋 infra sec blue team lead for a large tech company