🔑 The exposed API keys

Improper assets management

It's Tuesday morning and your developer mentions they've open-sourced part of your frontend code on GitHub to build credibility with the developer community.

An hour later, you get an alert that your API usage has spiked to 50x normal levels.

Checking the logs, you see thousands of requests from IP addresses around the world, all using your production API keys.

You realise with horror that the GitHub repository includes a config file with your live API keys, database URLs, and third-party service credentials.

Technical Issue: Production API keys were hardcoded in configuration files that got committed to a public repository. Automated bots scan GitHub constantly for exposed credentials and immediately exploit them.
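A check run before commit or in CI can catch this kind of config file before it reaches a public repository. The scanner below is an added example, not part of the original scenario; its key-name patterns, placeholder rules and every value in the sample config are assumptions constructed for illustration.

```python
import re

# Constructed sample: a frontend config file like the one in the scenario.
# Every value below is made up for this example.
SAMPLE_CONFIG = """\
API_BASE_URL=https://api.example.com
API_KEY=EXAMPLEKEY0000000000000000000000
DATABASE_URL=postgres://app_user:ExamplePassw0rd@db.example.com:5432/prod
PAYMENTS_SECRET="example-secret-value-000000"
ANALYTICS_TOKEN=${ANALYTICS_TOKEN}
SESSION_SECRET=<set-in-deploy-env>
# PASSWORD rotation is handled elsewhere
"""

# Hypothetical heuristics: secret-looking names, NAME=value / "name": value lines.
SECRET_NAME = re.compile(r"(key|secret|token|passw(or)?d|credential)", re.I)
ASSIGNMENT = re.compile(r"""^\s*(?:export\s+)?["']?([\w.-]+)["']?\s*[:=]\s*(.+?)\s*,?\s*$""")
URL_WITH_CREDS = re.compile(r"[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@", re.I)
# Values that are environment references or placeholders, not live secrets.
PLACEHOLDER = re.compile(r"^(\$\{?\w+\}?|<.*>|)$")


def redact(value):
    """Mask all but the first four characters so findings are safe to log."""
    return value[:4] + "*" * max(len(value) - 4, 0)


def scan_config(text):
    """Return (line_no, name, reason, redacted_value) for each hardcoded secret."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith(("#", "//")):
            continue  # comments are not assignments
        match = ASSIGNMENT.match(line)
        if not match:
            continue
        name, value = match.group(1), match.group(2).strip("\"'")
        if PLACEHOLDER.match(value):
            continue  # value is injected at deploy time, nothing hardcoded
        if URL_WITH_CREDS.search(value):
            findings.append((line_no, name, "credentials in URL", redact(value)))
        elif SECRET_NAME.search(name):
            findings.append((line_no, name, "hardcoded secret", redact(value)))
    return findings


if __name__ == "__main__":
    for finding in scan_config(SAMPLE_CONFIG):
        print("line %d: %s (%s) %s" % finding)
```

A non-empty result should fail the commit or build. A scan like this covers only the files it is given, so keys already present in the repository's history still have to be treated as exposed.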

What's your immediate first move?
