56
igokith
8y

My coworker shared account keys of Amazon aws on a public repo at Github. Took me around 3 days to find out and about 20 ec2 instances were created and running by a hacker...

Comments
  • 2
    Ouch! Doesn't github warn you about keys nowadays?
  • 3
    @Charmgoggles Im not sure. Maybe my colleague overlooked it. But amazon emailed us and gave us a link to the specific file that contains the keys.
  • 7
    I've been there. Actually wrote a long rant about it here. Except I was the clown that actually leaked the keys
  • 0
    Ouch. Why not use private repo's?
  • 5
    How sweet of the hacker to not delete your instances.
  • 0
    @mcraz well then people would notice faster, so it's a bad idea
Add Comment