It says they use publicly exposed or leaked IAM keys with RW permission to do this, in case anybody is interested in how they get in.