3/5/2026 at 2:04:16 PM
> permitted a single ECS task role "read access to every secret in the account, including the production Redshift master credential."...
> noting that the stolen information was old and consisted mostly of non-critical details
So I guess 'mostly' is doing a lot of heavy lifting, and they hadn't rotated the credentials in a long time
by pkaeding