Layoffs Nov 5, 2020
Contino ralphi

Terminated due to accidental posting of org code into public github

As a cloud architect I was looking to assess a service called “CodeGuru” from AWS and, in my excitement to try it out, I put one of the “cloned organization codebases” on my laptop into a public repo in my GitHub account. It was there for 5-6 hrs before I received a security operations email escalating up to the CIO. I realized at that point that I had made a mistake and quickly took down the repo, removed myself from accessing org code and assessed what damage could have been done and what was in the code. Figured that:
1. From the audit log in GitHub, only I had logged in to the repo since its creation.
2. There were passwords of internal systems and connection details of internal systems - they would be changed.
3. Gave full details of these to my superior and DevOps.
4. They made sure that no damage was done and passwords were rotated.
However, within one week I got the news that it’s serious and I had to go through formal proceedings. They asked questions and did some “investigations” and finally termination, saying that “this could have led to serious damage” and that “it took several hours to reset passwords and codes” so “org has lost trust in you”. Do I have a case here to go legal? What’s your opinion?
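The root cause the OP describes, passwords and connection details sitting inside a cloned codebase, is something a local check can catch before a push reaches any remote, public or private. The following is an added example and is not code from the thread or from any product it mentions: a small Python scanner that flags common credential shapes in text, redacts the matched value in its own report so the report does not leak it, and exits non-zero so it can run as a git pre-commit hook. The patterns, the placeholder list and the sample config text are all constructed for this example.

```python
"""Minimal hardcoded-secret scanner usable as a git pre-commit check.

Usage (hook):   git diff --cached --name-only | xargs python scan_secrets.py
Usage (demo):   python scan_secrets.py        (scans the constructed sample below)
"""
import re
import sys
from dataclasses import dataclass
from pathlib import Path

# Credential shapes to look for (constructed for this example, not exhaustive).
PATTERNS = {
    # key = value style assignments: password=..., PASSWD: "...", pwd = '...'
    "password_assignment": re.compile(
        r"""(?i)\b(password|passwd|pwd)\s*[=:]\s*['"]?([^'"\s]{4,})"""),
    # scheme://user:secret@host style connection strings (DB, cache, queue URLs)
    "connection_string": re.compile(
        r"""(?i)\b[a-z][a-z0-9+.-]*://[^\s:/@]+:[^\s@]+@[^\s]+"""),
    # AWS access key id prefix (well-known public format)
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # PEM private key header
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

# Values that are clearly placeholders and should not block a commit.
PLACEHOLDERS = {"changeme", "password", "example", "xxxx", "<redacted>", "todo"}


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    kind: str
    excerpt: str  # the offending line with the secret replaced by ***


def redact(line, match):
    """Blank out the secret part of a match so the scanner's output is safe to paste."""
    # Patterns with a capture group put the secret in group 2; otherwise the whole match is secret.
    secret = match.group(2) if match.lastindex and match.lastindex >= 2 else match.group(0)
    return line.replace(secret, "***")


def scan_text(path, text):
    """Return a list of Finding for every credential-looking line in `text`."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        for kind, pat in PATTERNS.items():
            m = pat.search(line)
            if not m:
                continue
            if kind == "password_assignment" and m.group(2).lower() in PLACEHOLDERS:
                continue  # obvious placeholder, not a real credential
            findings.append(Finding(path, n, kind, redact(line, m)))
    return findings


def scan_paths(paths):
    """Scan each readable file; unreadable or binary-ish files are skipped, not fatal."""
    findings = []
    for p in paths:
        try:
            text = Path(p).read_text(errors="replace")
        except OSError:
            continue
        findings.extend(scan_text(p, text))
    return findings


# Constructed sample config, deliberately containing fake credentials.
SAMPLE_CONFIG = """\
# constructed sample, not real credentials
db.host = db01.internal.example
db.user = app_user
db.password = S3cr3tValue!
cache_url = redis://cache:hunter2pass@cache01.internal:6379/0
api_key_placeholder = changeme
password = changeme
-----BEGIN RSA PRIVATE KEY-----
"""


def report(findings):
    """Print one redacted line per finding; return the exit code a hook should use."""
    for f in findings:
        print(f"{f.path}:{f.line_no}: {f.kind}: {f.excerpt}")
    return 1 if findings else 0


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(report(scan_paths(sys.argv[1:])))
    # No paths given: demonstrate on the constructed sample
    sys.exit(report(scan_text("sample.properties", SAMPLE_CONFIG)))
```

A non-zero exit from a pre-commit hook stops the commit locally, which is the cheap place to catch this; a repository-side scan on push and a periodic scan of an organization's public repos are the layered checks that turn a multi-hour exposure into a non-event. The `connection_string` pattern matters as much as the password one: the OP's post mentions connection details, and a URL with embedded credentials is a complete access recipe in one line.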

Lyft Jhho06 Nov 5, 2020

Don’t think you do since you messed up. Did they offer you any severance?

Contino ralphi OP Nov 5, 2020

A month’s salary in lieu of notice. They asked me to resign several times before and after the proceedings as well. I was seriously hoping I’d get a warning as a result, not the termination.

Lyft Jhho06 Nov 5, 2020

Glad you got something, but still sorry about it. It sucks because you probably could have said nothing, but at least you’re leaving a bad company. Hope you find something better.

Amazon gogoohh Nov 5, 2020

Passwords in source code, very nice!! You highlighted a huge hole in your company’s security. They shouldn’t be letting you go.

Oracle fG3ds Dec 5, 2020

What an ignorant comment.

Google Zarb Nov 5, 2020

You messed up really bad. Internal systems passwords exposed to the public? Just learn from it and move on.

Contino ralphi OP Nov 5, 2020

Understood. Yes, there were passwords exposed to the public. I messed up? Yes, totally. The question could also be what harm it could cause? No systems or code running in any public domain. They are all within a private network. The passwords got rotated almost immediately regardless. Did they follow my recommendations of regular password rotation and GitHub access control and overall process improvements? I don’t and can’t know.

Google Ben Dover Nov 5, 2020

Good thing is you know the answer to one of the behavioral questions in your next interview very well.

PayPal jeeesus Dec 5, 2020

Rofl. Interviewer: “ok, well thanks for coming in, we’ll get back to you”

Cisco ipad9 Nov 5, 2020

How could ‘git push’ be accidental?

Contino ralphi OP Nov 5, 2020

Push is not, but creating a public repo was the mistake, and that is where I pushed it. I overlooked ‘public’ vs ‘private’.

MobileIron ynds41 Nov 5, 2020

Why would you even take company code and try to host it under your name in a public repo, or even a private repo? This itself will cause a lot of issues and can be termed theft as well.

Qubole #?## Nov 5, 2020

They should not have terminated you, but rather invest in training employees not to do this. There are security trainings for this sort of mistake and they have good case studies on common mistakes. Hopefully you move on and find your next gig. What is your YOE? All the best.

Contino ralphi OP Nov 5, 2020

20

Dematic Deadpoool Nov 5, 2020

Terminating because of legal issues. If this codebase with passwords resulted in some clients’ information being lost or any other potential lawsuits, this is a way to cover.

HSBC fnWO20 Nov 5, 2020

Out of all the reasons you can get laid off in these times, this one takes the cake. But I am sorry, OP.

Dematic Deadpoool Nov 5, 2020

He wasn’t laid off. He was fired.

HSBC fnWO20 Nov 5, 2020

Or fired

New HkaS7n Nov 5, 2020

Damn, this is a good story to tell friends and kids OP.

Intuit mr.baker Nov 26, 2020

Not really, it’s foolish, and telling it might get you a few laughs, but any engineer who hears this will understand how stupid it is. It’s not like watching porn on your office laptop, which is funny and a story to tell. This is like a story line from Dumb, Dumber, Dumbest.

Synopsys gear9 Nov 5, 2020

How did your security team find out that you uploaded the code publicly within 5-6 hours?

Contino ralphi OP Nov 5, 2020

With some sort of scan they do related to the dark web and hacking sites. They said this scan and alert indicates something got to that URL but can’t be sure if someone really downloaded the code. At this point, I double checked my audit log from GitHub and confirmed there were no other users who “entered” the repo between creation and deletion.

Synopsys gear9 Nov 5, 2020

Huh, unless they have continuous spidering of some sort, I doubt someone could catch the disclosure so quickly. The other option would be to monitor employees’ laptops for data loss prevention.

Roku crueIla Nov 5, 2020

Reminds me of this Reddit story:

Accidentally destroyed production database on first day of a job, and was told to leave, on top of this I was told by the CTO that they need to get legal involved, how screwed am I?

Today was my first day on the job as a Junior Software Developer and was my first non-internship position after university. Unfortunately I screwed up badly. I was basically given a document detailing how to set up my local development environment, which involves running a small script to create my own personal DB instance from some test data. After running the command I was supposed to copy the database url/password/username output by the command and configure my dev environment to point to that database. Unfortunately, instead of copying the values output by the tool, I instead for whatever reason used the values the document had. Unfortunately, apparently those values were actually for the production database (why they are documented in the dev setup guide I have no idea). Then, from my understanding, the tests add fake data and clear existing data between test runs, which basically cleared all the data from the production database.

Honestly I had no idea what I did, and it wasn’t until about 30 or so minutes after that someone actually figured out/realized what I did. While what I had done was sinking in, the CTO told me to leave and never come back. He also informed me that apparently legal would need to get involved due to the severity of the data loss. I basically offered and pleaded to let me help in some way to redeem myself and I was told that I “completely fucked everything up”. So I left.

I kept an eye on Slack, and from what I can tell the backups were not restoring and it seemed like the entire dev team was in full-on panic mode. I sent a Slack message to our CTO explaining my screw up, only to have my Slack account immediately disabled not long after sending the message. I haven’t heard from HR, or anything, and I am panicking to high heavens.

I just moved across the country for this job. Is there anything I can even remotely do to redeem myself in this situation? Can I possibly be sued for this? Should I contact HR directly? I am really confused, and terrified.

EDIT: Just to make it even more embarrassing, I just realized that I took the laptop I was issued home with me (I have no idea why I did this at all).

EDIT 2: I just woke up, after deciding to drown my sorrows, and I am shocked by the number of responses, well wishes and other things. Will do my best to sort through everything.

Google Ben Dover Nov 5, 2020

What happened next? Did they post any update?

Roku crueIla Nov 5, 2020

I think the kid was spared. Because if you think about it: 1. the instructions should be clearer; 2. they should have security so that not just anyone can cause this.