YC-Backed Startup Exposed Production AWS Keys for Five Months

A Y Combinator-backed startup exposed production AWS access keys in a public repository for five months. The keys were discovered by a security researcher and reported through the company’s vulnerability disclosure program. The startup acknowledged the issue and revoked the exposed credentials.