> the supposed hacker was the goddamn Unifi Head of Cloud, using the access keys needed to do their job
If this comment from a former employee is correct then no, he had root access to a bunch of stuff for no good reason and their security stance is abysmal.
Nobody should have the root AWS tokens. They should be split between two teams and stored in a safe, and access should go through another method that is audited.
The employee in question was the head of their cloud, so he would have been the one to implement, or drive the implementation of, the proper access controls. Based on other employees' accounts of the guy, it sounds like people were trying to advocate for better access controls/separation but he didn't let it happen (presumably because he was planning on doing something like this).
https://news.ycombinator.com/item?id=29456593
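An added example, not part of the thread: one way to audit for the root-credential use discussed above is to scan CloudTrail records for `userIdentity.type` of `Root` and separate long-term access key use from console logins. The sample records, key IDs and IP addresses below are constructed, and the finding labels are names chosen for this sketch.

```python
# Constructed CloudTrail-style records (trimmed to the fields used here).
SAMPLE_EVENTS = [
    {"eventTime": "2021-01-05T10:00:00Z", "eventName": "DescribeInstances",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAIOSFODNN7EXAMPLE"}},
    {"eventTime": "2021-01-05T10:05:00Z", "eventName": "ListBuckets",
     "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "Root", "accessKeyId": "AKIAI44QH8DHBEXAMPLE"}},
    {"eventTime": "2021-01-05T11:00:00Z", "eventName": "ConsoleLogin",
     "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "Root"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2021-01-05T11:02:00Z", "eventName": "CreateAccessKey",
     "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "Root", "accessKeyId": "ASIAEXAMPLESESSION00"}},
]


def classify_root_event(event):
    """Return a finding label for a root-account event, or None otherwise."""
    ident = event.get("userIdentity", {})
    if ident.get("type") != "Root":
        return None
    key_id = ident.get("accessKeyId") or ""
    # AKIA prefixes mark long-term access keys; ASIA marks temporary
    # session credentials such as those behind a console session.
    if key_id.startswith("AKIA"):
        return "root-long-term-access-key"
    if event.get("eventName") == "ConsoleLogin":
        mfa = event.get("additionalEventData", {}).get("MFAUsed")
        return "root-console-login" if mfa == "Yes" else "root-console-login-no-mfa"
    return "root-session-activity"


def root_findings(events):
    """Collect (time, event name, source IP, label) for every root event."""
    findings = []
    for ev in events:
        label = classify_root_event(ev)
        if label is not None:
            findings.append((ev.get("eventTime"), ev.get("eventName"),
                             ev.get("sourceIPAddress"), label))
    return findings


if __name__ == "__main__":
    for finding in root_findings(SAMPLE_EVENTS):
        print(finding)
```

In an account that follows the advice in the thread, the long-term-key label should never appear, and any root console login should map to a documented break-glass use.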