It’s not known for exactly how long the bucket was left exposed, but a text file left behind by an unnamed security researcher, dated September 2018, warned that the bucket was “not properly configured” which can have “dangerous security implications.”
So... this has been a known problem since 2018. Time to stop tilting at windmills.
If it's all theater, then it's worth pointing out the A/C/M times of files are easy to fake. A competent intruder can feather filesystem times and modify logs to point investigators toward the wrong conclusion.
It’s not known for exactly how long the bucket was left exposed, but a text file left behind by an unnamed security researcher, dated September 2018, warned that the bucket was “not properly configured” which can have “dangerous security implications.”
So... this has been a known problem since 2018. Time to stop tilting at windmills.