An error occurred (404) when calling the HeadBucket operation: Not Found. The ‘list-buckets’ option was used to list the contents of the S3 bucket. PureSec created an HTML file called “puresec.html” containing the text “PureSec hacked this site!” The site was down for a couple of days, which Caleb’s application stayed down for several days. Later, the site was resurrected, IAM permissions were fixed, and IAM access were fixed.”]
Source: https://www.darkreading.com/cloud/securing-serverless-attacking-an-aws-account-via-a-lambda-function