Hackers turned a compromised npm package into full AWS admin access in 72 hours

Hackers "enumerated and accessed objects within S3 buckets, terminated production EC2 and RDS instances, and decrypted application keys."

Kiera Fields

Mar 17, 2026 - 2 min read

Image credit: https://unsplash.com/@indiratjokorda

Get the full story: Subscribe for free

Join peers managing over $100 billion in annual IT spend and subscribe to unlock full access to The Stack’s analysis and events.

Already a member? Sign in

Success! You now have access to additional content.