Usually, developer Joe Moreno gets a bill for about $5 each month for his usage of Amazon Web Services’ cloud computing capabilities. But his most recent bill topped $5,300 thanks to a hacker who had accessed his account and used it to mine Bitcoin.
Adding insult to injury, Moreno discovered that he was the one who had enabled the attack. He had accidentally included his access key in code he uploaded to a GitHub repository, giving the hackers everything they needed to compromise his account.
Moreno’s experience is far from isolated. A growing number of developers have reported similar problems, and security researcher Ty Miller said he found access keys for nearly 10,000 AWS accounts in a GitHub search. Experts encourage developers who use GitHub and cloud computing services to double-check to make sure they haven’t included login information in source code that is publicly available.
The good news is that AWS has given Moreno a credit to offset the charges racked up by the hacker.
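One way to carry out the double-check recommended above before pushing code to a public repository, as an added example that is not part of the original article. It assumes the standard AWS key formats (a 20-character access key ID beginning with `AKIA` or `ASIA`, and a 40-character secret access key); the function names are hypothetical, and the sample input is constructed from the placeholder keys used in AWS documentation.

```python
import os
import re
import sys

# Access key IDs: 4-letter prefix (AKIA long-term, ASIA temporary) + 16 uppercase/digits.
KEY_ID = re.compile(r"(?<![A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret keys are 40 base64-style characters. Only flag one when it is assigned to a
# name containing "secret" or "aws", to avoid matching unrelated hashes and blobs.
SECRET = re.compile(
    r"(?i)(?:secret|aws)[\w-]*\s*[:=]\s*['\"]?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)

def redact(value):
    """Keep only the first and last four characters so reports do not leak the key."""
    return value[:4] + "*" * (len(value) - 8) + value[-4:]

def scan_text(text):
    """Return (line number, kind, redacted value) for each suspected credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in KEY_ID.finditer(line):
            findings.append((lineno, "access_key_id", redact(m.group(0))))
        for m in SECRET.finditer(line):
            findings.append((lineno, "secret_access_key", redact(m.group(1))))
    return findings

def scan_tree(root):
    """Scan every file under root (skipping .git) and map path -> findings."""
    results = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    found = scan_text(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if found:
                results[path] = found
    return results

# Constructed sample, using the placeholder keys from AWS documentation.
SAMPLE = '''aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"
aws_secret_access_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
region = "us-east-1"
'''

if __name__ == "__main__":
    hits = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else {"<sample>": scan_text(SAMPLE)}
    for path, found in hits.items():
        for lineno, kind, value in found:
            print(f"{path}:{lineno}: {kind} {value}")
    sys.exit(1 if hits else 0)  # non-zero exit lets a pre-commit hook block the commit
```

This checks only the files currently in the working tree; a key removed in a later commit remains in the repository history, so a key that was ever pushed should be deactivated and replaced.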