Other
LA Times Publicly Accessible S3 Bucket Cryptomining Attack
Incident Details
In February 2018, the LA Times’ Homicide Report website was discovered to be running Coinhive cryptocurrency mining code injected by attackers who had exploited a publicly writable Amazon S3 bucket. The S3 bucket hosting the web application’s static files had been misconfigured to allow public write access, enabling anyone to modify the hosted JavaScript files. Attackers injected a Coinhive Monero miner that ran in the browsers of all visitors to the Homicide Report page. A security researcher discovered the compromise on February 9; the LA Times fixed it on February 22 after notification. While no user data was directly exfiltrated, the incident was an early high-profile example of the cryptojacking threat and the risks of publicly writable S3 buckets, a misconfiguration that also affects the integrity of hosted content.
Technical Details
- Initial Attack Vector: LA Times' Amazon S3 bucket hosting the Homicide Report web application was publicly writable due to misconfigured S3 ACLs; attackers injected Coinhive cryptocurrency mining JavaScript into the page.
- Vendor / Product: Amazon S3
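The ACL misconfiguration described above can be audited by looking for write-type grants to S3's public groups. The following is an added example, not code from the original report or from the LA Times; the function name and the sample ACLs are constructed for illustration, and the input is assumed to have the shape of an S3 GetBucketAcl response.

```python
# Group URIs S3 uses for "anyone" and "any authenticated AWS account".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}
# Permissions that allow changing bucket contents or the ACL itself.
WRITE_PERMISSIONS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


def public_write_grants(acl):
    """Return sorted (group, permission) pairs granting write access to a public group.

    `acl` is a dict with a "Grants" list of
    {"Grantee": {...}, "Permission": "..."} entries (GetBucketAcl shape).
    """
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # canonical-user grants (e.g. the owner) are not public
        group = PUBLIC_GROUPS.get(grantee.get("URI", ""))
        if group and grant.get("Permission") in WRITE_PERMISSIONS:
            findings.append((group, grant["Permission"]))
    return sorted(findings)


# Constructed sample ACLs (hypothetical, not taken from the incident).
_ALL = {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}
_AUTH = {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}
_OWNER = {"Type": "CanonicalUser", "ID": "example-owner-id"}

WRITABLE_ACL = {"Grants": [
    {"Grantee": _OWNER, "Permission": "FULL_CONTROL"},
    {"Grantee": _ALL, "Permission": "READ"},
    {"Grantee": _ALL, "Permission": "WRITE"},        # the risky grant
    {"Grantee": _AUTH, "Permission": "FULL_CONTROL"},  # also risky
]}
READ_ONLY_ACL = {"Grants": [
    {"Grantee": _OWNER, "Permission": "FULL_CONTROL"},
    {"Grantee": _ALL, "Permission": "READ"},
]}

if __name__ == "__main__":
    for name, acl in (("writable", WRITABLE_ACL), ("read-only", READ_ONLY_ACL)):
        print(name, public_write_grants(acl))
```

With boto3, the dictionary returned by `get_bucket_acl(Bucket=...)` can be passed to the function directly. Bucket policies can also grant public write access and are not covered by this ACL-only check.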
Timeline
- 2018-02-09 Breach occurred
- 2018-02-22 Publicly disclosed