![](/static/66c60d9f/assets/icons/icon-96x96.png)
![](https://fry.gs/pictrs/image/c6832070-8625-4688-b9e5-5d519541e092.png)
That Cloudflare were justifiably unhappy with the situation and wanted to take action is fine.
What’s not fine is how they approached that problem.
In my opinion, the right thing for Cloudflare to do would have been to have an open and honest conversation and set clear expectations and dates.
Example:
"We have recently conducted a review of your account and found your usage pattern far exceeds the expected levels for your plan. This usage is not sustainable for us, and to continue to provide you with service we must move you to plan x at a cost of y.
If no agreement is reached by [date x] your service will be suspended on [date y]."
Clear deadlines and clear expectations. Doesn’t that sound a lot better than giving someone the run-around, and then childishly pulling the plug when a competitor’s name is mentioned?
Yes, it absolutely is automated.
There are bots running constantly looking for things that match patterns for exploitable credentials in public commits.
AWS credentials
SSH keys
Crypto wallets
Bank card info
If you push secrets to a public github repo, they will be exploited almost immediately.