AWS told KrebsOnSecurity, who earlier reported on Permiso’s research, that “AWS services are operating securely, as designed, and no customer action is needed. The researchers devised a testing scenario that deliberately disregarded security best practices to test what may happen in a very specific scenario… To carry out this research, security researchers ignored fundamental security best practices and publicly shared an access key on the internet to observe what would happen.”