You dozy git you (yours truly, i.e. "me")

Late last week I was playing around with git, and published my shell scripts folder to GitHub (PUBLICLY!)… And I’d forgotten I’ve got some subfolders in there with some passwords - and worse? Some subfolders with BOTH private and public keys!

One of the keypairs was for my Amazon AWS account, e.g. PEM key to access Linux hosts in EC2 (don’t currently have any).

So - got nasty warnings immediately from GitHub - and even NASTIER warnings after they alerted Amazon! I didn’t even know they could do that…

I deleted the git repo in question… I’m sure it was only “public” for less than 5 minutes!

I ended up having to use IAM (in AWS) to delete the user with that compromised key.

Only just cleared everything up with AWS today… phew! And support tickets got raised - I bl00dy well hope AWS don’t bill me for it!

My boss keeps hassling me to get my AWS certs (I HATE STUDYING! I hate EXAM CRAMMING! I’m too old for this sh!t!) - but I don’t think there’s a way out of it - so I’ll need my AWS creds, as my employer doesn’t have AWS or EC2, so I have to use my personal account and get reimbursed for compute resources I’m billed for.

So - not using AWS in “anger” right at the moment, but will be shortly… shame 'cause I kinda really really hate Bezos…

2 Likes

I think that is pretty nice behaviour. Imagine someone accidentally loads up this stuff, never notices and then their expensive account is hijacked by some script kiddie in Siberia…

That said, there were some issues with GitHub credentials that were publicly accessible in GitHub repositories, which actually got hijacked and misused. So I think they learnt from this lesson and do what you just described.

Your boss will pay you back, won’t he?

1 Like

I’m not saying it wasn’t nice, but the consequences were nasty :smiley: … it was a good thing… lucky for me they’ve got their heads screwed on right, when I haven’t :smiley:


Yes - my boss will reimburse me for AWS compute hours I use… I’d rather not use any, than a single cent of currency makes its way to Bezos’ arse :


Jeff Bezos’ personal wealth: $109,000,000,000

Yeah - I’m quibbling "echo $(awk 'BEGIN {print (109000000000*0.00059)}')" is the question to the 64 million dollar answer… but if I gave 0.00059 of my net worth, it would be lucky to reach $5.00… I could spare $5.00… Going to chuck in $20 or even $50 to bushfire relief - even though my state (WA) is barely affected…

1 Like

If it makes you feel better, 2 YouTubers that I like (which is rare) and do regular streams recently donated all of the money, that was donated to the stream, to some fire department thing in Australia. :laughing:

Another thing is, I try to avoid Amazon as much as possible. I have not ordered anything from Amazon for many years and avoid it as much as I can, in general. A shame really, that I ordered something off eBay a couple of years ago and the seller decided to send it from their Amazon department. So I even ordered something from Amazon, without knowing and giving consent.

Having said all that, I was shocked to see that some official Debian servers are hosted on AWS… This is ironic, the wrong way…

1 Like

:rofl: :rofl: :rofl: :rofl:
Just got this from UpGuard (email newsletter I’m subscribed to) :

I actually thought this was about my “blonde moment” when I first started reading it - it’s right around the date/time I muffed this - but it’s not me, and there definitely wasn’t anywhere near a GB of data in there (maybe 20 MB at most)! Phew… and also - GitHub actually notified me within minutes of my blunder - and I deleted the repository… it was ‘online public’ for maybe 15 minutes at the most, if that - but it was long enough to trigger alerts from GitHub themselves, and upstream to AWS - but this case quoted by UpGuard WAS NOT ME - I didn’t do it :smiley: :

– edit –
yeah - my blunder/furphy was the 8th January… :smiley: Phew…

1 Like