Can attest, once racked up $10k AWS bill due to a silly mistake, got it nulled. That was a great lesson about how fast things can go wrong with pay-as-you-go pricing if not monitored.
It's embarrassing to write that now but I accidentally left private key for EC2 instance publicly available on GitHub. And I think what happened is that a bot scraped that key and used my resources to mine Bitcoin.
This seems quite common. I have heard several stories to this effect. Faulty firewall settings or keys committed to the repo seem to be the common two.
