| I had 2 accounts compromised last week: 1. AWS account
2. Gmail account Both keys (account secrets for AWS and user/pw for gmail) were only used in a single repository hosted on Github, private, with only me as a collaborator. Both accounts were accessed within the same week, thus this .env is likely the source of leakage. For this project, I only work from the same PC. If my PC was compromised, I would expect other accounts to be compromised as well. The application server (in DigitalOcean), that also reads from this repository, has no signal of intrusion. I know that it's a bad practice of keeping production keys on the repo, but was confident that if I was careful, it would not be easily leaked. Am I missing something else? |
But really we can't tell; there's been nothing in the news about a mass compromise, or mass leaking. So it is possible you've had a PC compromise by a slow & stealthy user, or something entirely different.