The EU’s AWS “Master Key”: How a Compromised Trivy Update Leaked 340GB of Data In March the European Commission's public europa.eu platform was compromised after a supply‑chain attack on the Trivy security tool—attributed to threat actor TeamPCP—allowed attackers to steal an AWS API key and move laterally across affiliated accounts. The extortion group ShinyHunters published roughly 91.7 GB compressed (340 GB raw) of stolen data...

A compromised Trivy update led to TeamPCP stealing an AWS API key, leaking 340GB of EU public data including emails and contracts. Key rotations and security measures followed. #TrivyAttack #AWSLeak #EuropeanUnion