The outage occurred yesterday when an employee responded to an abuse report about a phishing URL in Cloudflare's R2 platform. However, instead of blocking the specific endpoint, the employee mistakenly turned off the entire R2 Gateway service.
Oopsies
Why tf did this employee have the permissions to turn off the entire service? If their job is responding to abuse reports, they do not need that level of privilege.
It's entirely possible the employee had more than one hat and was dabbling in customer service that day. it's not unheard of in the IT field for the buckets to mix when demand states it. Being said the better question is how you could mistake a shutdown/deactivate button as an apply button
apperently cloudflare thought the same as they removed the button from the panel the employee used lmao
And even then, there should be an approval workflow to at least have one more set of eyes review the change before it’s implemented.
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
Community Rules
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world