Amazon has extremely tight security, including 2fa, fine-grained IAM permissions, instance security groups, VPC, and more.

The fact that Code Space's didn't bother to use them is their own problem, not a failing on Amazon's side.

Additionally, storing all of your backups with the same service as your production environment was outright moronic.