I'm referring to the endless amounts of S3 buckets that ended up inadvertently exposing sensitive data publicly due to how complicated and confusing the various access control methods were / are. And also, Amazon very
eventually doing something about, probably a decade after it was needed. [1][2][3]
[1]: https://cloudsecurityalliance.org/blog/2023/04/06/the-data-o...
[2]: https://news.ycombinator.com/item?id=18468753
[3]: https://news.ycombinator.com/item?id=34585670
