SoylentNews

An Anonymous Coward writes:

A developer published some of his code, as a paid GitHub subscriber, to a private storage space on GitHub's servers using a tool co-developed by Microsoft and GitHub. Due to a bug in the software, instead of going to their private storage space, it went to a public one, without the developer having any indication anything had gone wrong.

Included in this private code were the developer's keys to their Amazon cloud account. BitCoin miners, who scan GitHub for Amazon keys, found them and began using the developer's account to process BitCoins in the cloud. By the next morning the developer was receiving notifications of oddities on his account, and contacted Amazon support, by this time he had a $1,700 bill with Amazon. Within the next 2 hours, with various calls to Amazon for support, he finally contained the issue, with a nearly $6,500 bill.

https://www.humankode.com/security/how-a-bug-in-visual-studio-2015-exposed-my-source-code-on-github-and-cost-me-6500-in-a-few-hours [humankode.com]

Original Submission