AWS S3 storage bucket with unlucky name nearly cost developer $1,300Ask Maciej Pocwierz, who just happened to pick an S3 name that "one of the popular open-source tools" used for its default backup configuration. After setting up the bucket for a client project, he checked his billing page and found nearly 100 million unauthorized attempts to create new files on his bucket (PUT requests) within one day. The bill was over $1,300 and counting.
I didn’t know that AWS charges for unauthorized requests. This is a chance for an attack where you just guess at bucket names, then flood them.