Amazon AWS Breach: Hacked Accounts Power Major Crypto-Mining

Executive Summary

In December 2025, Amazon’s AWS (Amazon Web Services) experienced a major security breach that compromised numerous customer accounts, which were subsequently exploited for an extensive crypto-mining operation. The attackers targeted AWS’s Elastic Compute Cloud (EC2) and Elastic Container Service (ECS), leveraging valid credentials obtained through Identity and Access Management (IAM) from several accounts. The breach was identified on December 17, 2025, highlighting an alarming trend in account hijacking within cloud services. With potentially thousands of users affected, the incident raises significant concerns regarding the security of cloud infrastructure and the protection of sensitive credentials. As organizations increasingly rely on AWS for their operations, understanding the implications of this breach is critical for enhancing cybersecurity measures.

 Read the full breach analysis from NHI Mgmt Group here

Key Details

Breach Timeline

• The breach was discovered on December 17, 2025, after unusual activity was reported in customer accounts.
• Attackers gained access to AWS accounts over a period, using stolen IAM credentials.

Data Compromised

• Credentials for multiple AWS accounts were compromised, including sensitive IAM roles.
• Data related to cloud-based applications and workloads of numerous organizations were potentially exposed.

Impact Assessment

• The breach affected thousands of users, with significant implications for organizations relying on AWS.
• Potential financial repercussions from unauthorized crypto-mining activities could impact customer billing and resource allocation.

Company Response

• Amazon launched an internal investigation to assess the scope of the breach and mitigate any ongoing threats.
• Users were advised to update their IAM credentials and implement stronger security measures.

Security Implications

• This incident underscores the vulnerability of cloud services to credential theft and unauthorized access.
• Organizations are urged to adopt multi-factor authentication and rigorous monitoring of account activities to enhance security.

 If you want to learn more about how to secure NHIs including AI Agents, check our NHI Foundational Training Course.