: looking at your code published in GitHub) aws iam list-access-keys aws iam update-access-key -access-key-id AKIAIOSFODNN7EXAMPLE \ -status Inactive -user-name Bob It turned out to have been caused by a stolen Amazon Web Services (AWS) API key that was used to access a database snapshot containing the compromised data.The hackers then logged into Uber's AWS account and downloaded files that included the personally identifiable data of millions of the app's users, including. They told me that my account may had been compromised, and gave me some list of things to do in order to strengthen my account security and to avoid further EC2 service usage.An attacker with your access keys may for example start a new service at your expense (read more about ~100K $ bill for OlinData ) or even kick you out from the business The process of creation is well explained in heroku docs. When you create Access Keys, you are basically blind how they are used.
Disable the application IAM key, create a backup IAM access key, and then disable the compromised access key