Code Room
On-call · Medium · oc-g595
Subject: Security credential leak · Level: Mid–Senior · ~30 min · Common in Security interviews · Industries: Technology, Software development

Question

At 09:14 a security researcher emails support: a long-lived AWS access key for your production data-pipeline IAM user is sitting in a public GitHub repo your company open-sourced last week. The CloudTrail dashboard shows the key was used 11 minutes ago from an IP geolocated to a region you don't operate in, calling s3:ListBuckets and s3:GetObject. The commit that introduced the key is 6 days old; the repo has 40 stars and 3 forks. You're the on-call engineer. Walk through how you triage and contain this, and what the durable fix and postmortem look like.

What a strong answer looks like

Stop the bleeding first (mitigate), then form hypotheses from real signals. Separate root cause from symptom, communicate status as you go, and close with what prevents a repeat.
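
Once the key is contained, "hypotheses from real signals" means scoping every call the key made from addresses you don't recognise since the commit landed, not only the one the dashboard surfaced. The sketch below is an added example, not part of the original page: it uses real CloudTrail field names, but the key ID, IPs, bucket, timestamps and the `known_ips` allow-list are constructed assumptions.

```python
from datetime import datetime, timezone

def parse_ts(s):
    # CloudTrail eventTime is ISO 8601 in UTC, e.g. 2024-05-07T09:03:00Z
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def scope_key_usage(records, key_id, exposed_at, known_ips):
    """Summarise calls made with key_id from unrecognised IPs since exposure."""
    suspect = sorted(
        (r for r in records
         if r.get("userIdentity", {}).get("accessKeyId") == key_id
         and parse_ts(r["eventTime"]) >= exposed_at
         and r["sourceIPAddress"] not in known_ips),
        key=lambda r: parse_ts(r["eventTime"]),
    )
    reads = {(r["requestParameters"]["bucketName"], r["requestParameters"]["key"])
             for r in suspect if r["eventName"] == "GetObject"}
    return {
        "first_seen": suspect[0]["eventTime"] if suspect else None,
        "source_ips": sorted({r["sourceIPAddress"] for r in suspect}),
        "objects_read": sorted(reads),
        # Anything beyond the two calls in the alert widens the containment scope.
        "other_actions": sorted({r["eventName"] for r in suspect}
                                - {"ListBuckets", "GetObject"}),
    }

def ev(time, name, ip, key_id, params=None):
    # Builds a constructed record using real CloudTrail field names.
    return {"eventTime": time, "eventName": name, "sourceIPAddress": ip,
            "userIdentity": {"accessKeyId": key_id}, "requestParameters": params}

LEAKED = "AKIAEXAMPLEKEY000000"                      # placeholder key ID
EXPOSED_AT = parse_ts("2024-05-01T10:00:00Z")        # constructed commit time
KNOWN_IPS = {"198.51.100.10"}                        # assumed pipeline egress IP
BUCKET = "example-pipeline-raw"                      # hypothetical bucket
SAMPLE = [  # constructed records, not real logs
    ev("2024-05-07T08:00:00Z", "GetObject", "198.51.100.10", LEAKED,
       {"bucketName": BUCKET, "key": "exports/2024-05-06.csv"}),
    ev("2024-05-05T22:40:00Z", "ListBuckets", "203.0.113.50", LEAKED),
    ev("2024-05-05T22:41:10Z", "GetObject", "203.0.113.50", LEAKED,
       {"bucketName": BUCKET, "key": "exports/2024-05-04.csv"}),
    ev("2024-05-07T09:03:00Z", "GetObject", "203.0.113.50", LEAKED,
       {"bucketName": BUCKET, "key": "exports/2024-05-06.csv"}),
    ev("2024-05-07T09:05:00Z", "GetObject", "203.0.113.50", "AKIAOTHERKEY00000000",
       {"bucketName": BUCKET, "key": "exports/2024-05-06.csv"}),
]

if __name__ == "__main__":
    print(scope_key_usage(SAMPLE, LEAKED, EXPOSED_AT, KNOWN_IPS))
```

In the constructed data the earliest unrecognised use predates the dashboard hit by more than a day, which is the kind of finding that changes the exposure window reported in the postmortem.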
