@berkes they published a blog post on it in the community portal
What is unclear to me: were those S3 buckets public readable?
Unencrypted backups on a third party are bad in itself, but probably not a security incident.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!