These risk actors ended up then in the position to steal AWS session tokens, the short term keys that enable you to ask for temporary qualifications to the employer??s AWS account. By hijacking active tokens, the attackers had been ready to bypass MFA controls and gain use of Protected Wallet ?