It has been discovered that threat actors might take over expired Amazon S3 buckets to serve rogue binaries without changing the actual modules. Malicious binaries exfiltrate the stolen data to the hacked bucket after stealing the user names, passwords, local machine environment variables, and local hostname.

Source: GBHackers