Code Room
On-callMediumoc-g140
Subject Abuse trafficLevel Mid–Senior~35 minCommon in Reliability & on-call interviewsIndustries Technology, Software development

Question

Your signup dashboard shows new-account creation up 25x in 6 hours, all from a handful of cloud ASNs, using disposable-email domains and sequential usernames. These accounts immediately call your free-tier LLM completion API at the per-account rate limit, burning a large GPU bill, and a few are scraping your private 'people search' endpoint. Conversion to paid is zero. Your fraud queue is clean (no chargebacks yet) so finance hasn't noticed, but cost-per-hour just doubled. How do you triage and shut down this abuse without harming legitimate new users?

What a strong answer looks like

Stop the bleeding first (mitigate), then form hypotheses from real signals. Separate root cause from symptom, communicate status as you go, and close with what prevents a repeat.

Diagram & narrate the incident
Loading whiteboard…
Run or narrate your approach, then ask the coach.