Developers, check your Amazon bills for Bitcoin-mining bots

Sep 2, 2015 13:10 GMT  ·  By
Don't forget to regularly check your AWS dashboard for illegal operations

If you think you had a bad day, then this next story is going to contradict you, unless you too lost $6,500 / €5,800 in just a few hours.

According to a post on his blog, Carlo van Wyk, a developer from South Africa, had an unpleasant encounter with a software bug, which eventually escalated to a $6,500 / €5,800 bill on Amazon's Web Services (AWS) cloud platform.

The bug was present in the GitHub Extension for Visual Studio, versions 1.0.9 through 1.0.13, and manifested itself by creating public repositories instead of private ones.

GitHub, the online source code hosting service, fixed the issue in version 1.0.14, but the person who reported it, Mr. van Wyk, found out how painful software glitches can be, especially in today's interconnected Web.

Kids, before you go to bed, make sure your AWS access key is stored somewhere safe

As Mr. van Wyk recounts, soon after he submitted his private code to GitHub via the Visual Studio extension, he got an email from Amazon informing him his account was compromised.

This happened because the repository, which was supposed to be private, contained an AWS access key, which was quickly picked up by a Bitcoin-mining bot, as Mr. van Wyk suspects.
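The defensive check this story points to, as an added example that is not from Mr. van Wyk's post or the extension project: a scanner that can run as a pre-commit hook and flag AWS credentials before they reach any repository, public or private, so a bug like the one above has nothing to expose. The regexes, the entropy threshold and the function names are my own assumptions; the key values in the constructed sample are the placeholder credentials from AWS's documentation, not real keys.

```python
import math
import re
from typing import List, Tuple

# AWS access key IDs are 20 characters: a 4-character prefix (AKIA for
# long-term IAM user keys, ASIA for temporary STS keys) plus 16 upper-case
# alphanumerics. Secret access keys are 40 characters of base64-style text.
ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
SECRET_KEY_RE = re.compile(
    r"(?i)aws[_-]?secret[_-]?access[_-]?key\s*[=:]\s*['\"]?"
    r"([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; a random 40-char secret scores well above 4."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def redact(value: str) -> str:
    """Keep only the first four characters so the report itself does not leak the key."""
    return value[:4] + "*" * (len(value) - 4)

def find_aws_keys(text: str, min_entropy: float = 4.0) -> List[Tuple[int, str, str]]:
    """Return (line_number, kind, redacted_value) for every suspected AWS credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append((lineno, "access_key_id", redact(m.group(0))))
        for m in SECRET_KEY_RE.finditer(line):
            secret = m.group(1)
            # Placeholders such as a run of "x" have low entropy; skip them.
            if shannon_entropy(secret) >= min_entropy:
                findings.append((lineno, "secret_access_key", redact(secret)))
    return findings

# Constructed sample: a credentials file of the kind that gets committed by mistake.
# The key values are the placeholder credentials from AWS's own documentation.
SAMPLE_CONFIG = """\
[default]
region = eu-west-1
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
"""

if __name__ == "__main__":
    for lineno, kind, value in find_aws_keys(SAMPLE_CONFIG):
        print(f"line {lineno}: {kind} {value}")
```

Wired into a pre-commit hook, the same function would run over the staged diff and refuse the commit on any finding; because the report is redacted it is safe to paste into a ticket.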

With this access key, this Bitcoin-mining bot (let's call it that, even if it's unconfirmed) went on to open an account on the Amazon Elastic Compute Cloud (EC2), which is a powerful cloud-computing platform that allows developers to run CPU-intensive operations on larger, more capable computers. Let's just say: Bitcoin-mining bot + EC2 = love.

Even though Mr. van Wyk, with the help of Amazon's support staff, managed to contain the damage, it took a few hours, during which the assailant managed to deploy over 120 "spot instances" on EC2's infrastructure across the globe, racking up a bill of $6,500 / €5,800.

We reached out to Mr. van Wyk to ask him if Amazon was kind enough to drop the bill, or if GitHub would be picking it up as a way to say "Sorry, my bad!"

UPDATE: As Mr. van Wyk told Softpedia, the first steps for having his bill erased were taken by one of the Amazon AWS support agents, but this will take some time to be approved.

Images: AWS bill breakdown; the AWS spot instances.