374

So I accidentally published my AWS keys to GitHub, stupid me. I realize this the next day.

$ git reset
$ git push
Reset keys in AWS

I was too late. Bot already stole the keys and started up 53 EC2 instances. Racked up $4000+ of compute time (probably Bitcoin mining, I'd assume)

4 weeks later, I finally have this shit disputed and settled.

Don't test with hardcoded keys. You WILL forget about them. Env vars always. That is all.

Comments
Add Comment