A security advisory has been issued concerning Grafana Loki, an open-source log aggregation tool, due to unauthorized data write attempts to Amazon S3 buckets caused by its default configuration settings. This issue was initially highlighted in a blog post by Maciej Pocwierz, who incurred a $1,300 charge after unauthorized write attempts to his S3 bucket, named using Loki's default settings. The problem arose when the default bucket names in the Loki Helm chart created unintended write targets for AWS users. In response, Grafana Labs has updated the Loki Helm chart to prevent the use of default S3 bucket names, except when using MinIO, and has coordinated with AWS and Google Cloud to ensure that no unauthorized data collection occurs. While AWS has amended its billing policy to no longer charge for unauthorized requests, Google Cloud users remain unaffected, and Microsoft Azure users are inherently protected due to its bucket namespace limitations. The security update advises users to upgrade their Loki Helm charts to patched versions and modify bucket names to avoid potential misconfigurations.