All AWS keys I've seen start with 'AKIA'. I am assuming that they have bots that search Github and other search engines for access keys. At that point it is easy for them to tie them back to an account and notify the user.

They must only have started doing that recently. This project has been out in the wild for at least a year.

Well, kudos to them for doing that, at least. Of course it's awful that you could be out ~$3k, but imagine how bad it could have been if they hadn't been so proactive.

Yeah, it would have been another day at least before I checked amazon again.

Luke, drop me a note at werner [at] amazon with a link to the support ticket you created, and we'll see what we can do.

Wow, talk about customer service!

horray AWS!

Ha - no --- they do that when they see a spike in charges.

Or maybe it's just a coincidence they emailed immediately AFTER he racked up +3000$ in charges.

Email linked to my GitHub profile, so I would say by searching. But that's an assumption.

I bet you 20 bucks they searched for your key after they investigated the sudden spike in your charges :D