The Developer Who Accidentally Published $38,000 in AWS Charges
In 2014, a developer pushed code to a public GitHub repository and accidentally included their AWS access key in the commit. Within 15 minutes, automated bots that continuously scan GitHub for leaked credentials had found the key and were using it to spin up EC2 instances to mine cryptocurrency.
By the time the developer noticed and revoked the key, AWS had billed them $38,000. AWS eventually waived the bill, but many such bills are not waived. This happens hundreds of times a day across GitHub: automated scanners run around the clock watching new commits for secrets, so a key in a public push should be assumed compromised within minutes. Deleting the commit does not undo the leak either; the key is still in the repository history, in any forks and in the scanners' own records, and must be revoked and replaced.
SECRETS FOUND IN THE WILD — REAL EXAMPLES
AWS keys in GitHub: the most common case. Attackers use them for crypto mining or data exfiltration, or resell the access. Rated P1 (critical) by most bug bounty programs.
Stripe live keys: full payment-processing access. Attackers make charges and create payouts to their own accounts, for immediate financial loss.
Database passwords: direct access to the database, so every user record, password hash and piece of PII can be read.
JWT signing secrets: forge a valid session token for any user, including administrators, for instant admin access.
SendGrid/Mailgun API keys: send phishing email from the company's own domain. Because it goes out through the company's authenticated mail provider, it passes the SPF and DKIM checks that catch spoofed mail.
GitHub tokens: access to private repositories, which often contain more secrets. One credential leads to the next.
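The scanners that find these keys within minutes work from the formats listed above. The following is an added example of that detection, not code from the course: it recognises the fixed-format secrets by their vendors' published prefixes (AWS access key IDs, Stripe sk_live_ keys, SendGrid SG. keys, GitHub gh*_ tokens) and catches the shapeless ones (database passwords, JWT secrets) through credential-bearing connection URLs and keyword assignments filtered by an entropy check. The tail lengths in the patterns, the entropy threshold and the sample diff are assumptions made for this example; the two AWS values are AWS's own documentation examples.

```python
"""Regex-based secret scanner for commit text.

Added example, not the course's code. Recognises the secret types listed
above by their published prefixes (AWS AKIA/ASIA, Stripe sk_live_, SendGrid
SG., GitHub gh*_) and, for secrets with no fixed shape (database passwords,
JWT secrets), by credential-bearing connection URLs and keyword assignments
gated on an entropy check. Tail lengths and the threshold are assumptions.
"""
import math
import re
import subprocess
from collections import Counter
from typing import List, NamedTuple


class Finding(NamedTuple):
    kind: str
    line_no: int
    value: str


# Secrets with a fixed, recognisable shape.
FIXED_FORMAT = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "stripe_live_secret": re.compile(r"\bsk_live_[0-9A-Za-z]{24,}\b"),
    "sendgrid_api_key": re.compile(
        r"\bSG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}(?![A-Za-z0-9_-])"
    ),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    # user:password@ inside a database connection URL
    "db_url_credentials": re.compile(
        r"\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis)://[^\s:/@]+:[^\s@]+@"
    ),
}

# Secrets with no fixed shape: match the assignment, then keep the value only
# if it looks random, so placeholders such as "changeme" are not reported.
KEYWORD_FORMAT = {
    "aws_secret_access_key": re.compile(
        r"(?i)aws[_-]?secret[_-]?(?:access[_-]?)?key\s*[:=]\s*['\"]?"
        r"([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
    ),
    "generic_secret_assignment": re.compile(
        r"(?i)\b(?:jwt|session|app|api)[_-]?secret(?:[_-]?key)?\s*[:=]\s*['\"]?([^'\"\s]{16,})"
    ),
}
MIN_ENTROPY_BITS_PER_CHAR = 3.0  # assumed threshold; tune on your own false positives


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character; random keys score well above 3."""
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text: str) -> List[Finding]:
    """Return every secret-looking value in `text`, one Finding per hit."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in FIXED_FORMAT.items():
            for m in pattern.finditer(line):
                findings.append(Finding(kind, line_no, m.group(0)))
        for kind, pattern in KEYWORD_FORMAT.items():
            for m in pattern.finditer(line):
                value = m.group(1)
                if shannon_entropy(value) >= MIN_ENTROPY_BITS_PER_CHAR:
                    findings.append(Finding(kind, line_no, value))
    return findings


def scan_staged_changes() -> List[Finding]:
    """Pre-commit use: scan only the lines about to be added to the repository.

    Line numbers in the result count added lines, not file lines.
    """
    diff = subprocess.run(
        ["git", "diff", "--cached", "-U0"], capture_output=True, text=True, check=True
    ).stdout
    added = "\n".join(
        l[1:] for l in diff.splitlines() if l.startswith("+") and not l.startswith("+++")
    )
    return scan_text(added)


# Constructed sample diff: the AWS values are AWS's documentation examples; the
# Stripe keys, database password and JWT secret are made up for this example.
SAMPLE_DIFF = """\
+AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
+AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+STRIPE_SECRET_KEY=sk_test_AbCdEf0123456789AbCdEf01
+STRIPE_LIVE_KEY=sk_live_AbCdEf0123456789AbCdEf01
+DATABASE_URL=postgres://app:Tr0ub4dor3@db.internal:5432/app
+JWT_SECRET="a9F3kL0qZx8Wn2Vb7Yt1Pm5Rs4Dg6Hj0"
+SESSION_SECRET=changemechangeme
"""

if __name__ == "__main__":
    import sys

    hits = scan_staged_changes() if "--staged" in sys.argv else scan_text(SAMPLE_DIFF)
    for f in hits:
        # Never echo the whole secret into terminal or CI logs.
        print(f"{f.kind} at line {f.line_no}: {f.value[:6]}...")
    sys.exit(1 if hits else 0)
```

Run without arguments it scans the constructed sample and reports five hits: the test-mode Stripe key is ignored because only sk_live_ matters, and the placeholder session secret is dropped by the entropy gate. Run with --staged from a pre-commit hook it scans only the added lines of the staged diff and exits non-zero on a hit, which blocks the commit before the key reaches GitHub; the scanner is pattern-based, so treat it as a last line of defence behind keeping secrets out of source files altogether.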
A developer revokes a leaked AWS key 15 minutes after pushing it to GitHub. Are they safe?
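The question above turns on a point worth making concrete: revoking the key stops that key, but it does not undo what was done with it, and an attacker who had 15 minutes of access may have created an IAM user, a second access key or an attached policy that keeps working after the original key is gone. The check a responder runs is to pull every CloudTrail record attributed to the leaked key, follow any access keys it created, and look for both persistence and activity that continued after revocation. The code below is an added example of that triage, not part of the course material; the CloudTrail records, the key IDs and the revocation time are constructed, and the set of persistence-creating event names is this example's own choice, not an exhaustive list.

```python
"""Triage of a leaked AWS key from CloudTrail records.

Added example, not the course's code. Revoking a key stops that key; it does
not undo what was done with it. This walks CloudTrail records for everything
the leaked key did, follows any access keys it created (those are attacker-held
too), flags actions that leave persistence, and lists activity that continued
after revocation. The records, key IDs and revocation time are constructed.
"""
import gzip
import json
from typing import Dict, List, Set, Tuple

# IAM actions that leave a foothold which survives revoking the original key,
# plus the CloudTrail actions an attacker uses to blind the investigation.
# This is an assumed starter list for the example, not a complete one.
PERSISTENCE_EVENTS = {
    "CreateUser", "CreateAccessKey", "CreateLoginProfile", "UpdateLoginProfile",
    "AttachUserPolicy", "PutUserPolicy", "AddUserToGroup",
    "CreateRole", "UpdateAssumeRolePolicy", "AttachRolePolicy", "PutRolePolicy",
    "StopLogging", "DeleteTrail",
}


def load_cloudtrail_file(path: str) -> List[Dict]:
    """Read one gzipped CloudTrail log file as delivered to S3 ({"Records": [...]})."""
    with gzip.open(path, "rt") as fh:
        return json.load(fh)["Records"]


def describe(record: Dict) -> str:
    """Pull the resource names an investigator needs out of requestParameters."""
    params = record.get("requestParameters") or {}
    return ", ".join(f"{k}={params[k]}" for k in ("userName", "roleName", "policyArn") if k in params)


def summary(record: Dict) -> Tuple[str, str, str]:
    return (record["eventTime"], record["eventName"], record["userIdentity"]["accessKeyId"])


def triage(records: List[Dict], leaked_key_id: str, revoked_at: str) -> Dict:
    """Attribute records to the leaked key and to any keys derived from it.

    `revoked_at` is an ISO-8601 UTC timestamp in the same form as CloudTrail's
    eventTime, so plain string comparison orders correctly.
    """
    attacker_keys: Set[str] = {leaked_key_id}
    # A key created with an attacker-held key is attacker-held too; repeat until
    # no new keys appear, since an attacker may chain several hops.
    while True:
        derived = {
            r["responseElements"]["accessKey"]["accessKeyId"]
            for r in records
            if r["eventName"] == "CreateAccessKey"
            and r["userIdentity"].get("accessKeyId") in attacker_keys
            and r.get("responseElements")
        }
        if derived <= attacker_keys:
            break
        attacker_keys |= derived

    actions = sorted(
        (r for r in records if r["userIdentity"].get("accessKeyId") in attacker_keys),
        key=lambda r: r["eventTime"],
    )
    return {
        "attacker_keys": attacker_keys,
        "actions": [summary(r) for r in actions],
        "persistence": [(r["eventName"], describe(r)) for r in actions
                        if r["eventName"] in PERSISTENCE_EVENTS],
        "after_revocation": [summary(r) for r in actions if r["eventTime"] > revoked_at],
    }


def _rec(time, source, name, key, user, params=None, resp=None) -> Dict:
    """Build a record in the shape of a CloudTrail event (constructed data)."""
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "userIdentity": {"type": "IAMUser", "userName": user, "accessKeyId": key},
            "requestParameters": params or {}, "responseElements": resp}


LEAKED_KEY = "AKIAIOSFODNN7EXAMPLE"  # AWS's documentation example key ID
NEW_KEY = "AKIAEXAMPLEBACKUP001"     # constructed: key the attacker creates
REVOKED_AT = "2024-05-01T12:16:00Z"  # constructed: key disabled 15 minutes after the push
SAMPLE_RECORDS = [
    _rec("2024-05-01T12:01:40Z", "ec2.amazonaws.com", "RunInstances", LEAKED_KEY, "dev-alice",
         {"instanceType": "c5.24xlarge", "maxCount": 20}),
    _rec("2024-05-01T12:02:05Z", "iam.amazonaws.com", "CreateUser", LEAKED_KEY, "dev-alice",
         {"userName": "backup-svc"}),
    _rec("2024-05-01T12:02:09Z", "iam.amazonaws.com", "CreateAccessKey", LEAKED_KEY, "dev-alice",
         {"userName": "backup-svc"}, {"accessKey": {"accessKeyId": NEW_KEY, "status": "Active"}}),
    _rec("2024-05-01T12:02:14Z", "iam.amazonaws.com", "AttachUserPolicy", LEAKED_KEY, "dev-alice",
         {"userName": "backup-svc", "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}),
    _rec("2024-05-01T12:10:00Z", "s3.amazonaws.com", "ListBuckets", "AKIAEXAMPLEDEVBOB001", "dev-bob"),
    _rec("2024-05-01T12:31:50Z", "ec2.amazonaws.com", "RunInstances", NEW_KEY, "backup-svc",
         {"instanceType": "c5.24xlarge", "maxCount": 20}),
]

if __name__ == "__main__":
    result = triage(SAMPLE_RECORDS, LEAKED_KEY, REVOKED_AT)
    print("attacker-held keys:", sorted(result["attacker_keys"]))
    for name, detail in result["persistence"]:
        print("persistence:", name, detail)
    for when, name, key in result["after_revocation"]:
        print("still active after revocation:", when, name, key)
```

On the constructed records the leaked key is revoked at 12:16, yet the triage reports a second attacker-held key, three persistence-creating IAM calls, and an instance launch at 12:31 made with the new key. Revoking the leaked key alone would have missed all of it; each reported user, key and policy has to be removed, and the instances launched under both keys terminated, before the incident is closed. For real data, point load_cloudtrail_file at the gzipped log files CloudTrail delivers to S3 and concatenate their records.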