Apparently, Starbucks developers are not drinking their 4lb monthly quota of free Java. Someone left their JumpCloud API key in the clear on GitHub! Quick call security! The issue, since resolved, could have allowed attackers to execute commands on systems, buy free lattes and frappuccinos, add/remove users, which have access to internal systems, and potentially lead to an all out AWS account takeover. Everyone is happy now including the bug bounty researcher. I wish I had the "skill" to grep GitHub repos for these kinds of patterns or even just do this https://searchcode.com/?q=apikey and make thousands too... don't get me wrong I do admire the ethics and responsible discourse that this industry has created for good.