Submission + - Botnets Scanning Github to Steal Amazon EC2 Keys (devfactor.net)
juniq writes: As one developer found out, posting your Amazon keys to Github on accident can be a costly mistake if they are not revoked immediately...
Turns out through the S3 API you can actually spin up EC2 instances, and my key had been spotted by a bot that continually searches GitHub for API keys. Amazon AWS customer support informed me this happens a lot recently, hackers have created an algorithm that searches GitHub 24 hours per day for API keys. Once it finds one it spins up max instances of EC2 servers to farm itself bitcoins.
