March 19, 2026

Cloud jail, no bail

Article URL →HN comments →

Ask HN: AWS account restricted 18h despite remediation (Case 177385077300217)

18 hours offline, no answers, and the internet is fuming

TLDR: A startup says Amazon Web Services locked its account for 18 hours after a security scare, leaving it completely offline despite claiming to fix the problem. Commenters split between blaming the company for leaked keys and blasting AWS for slow, opaque support—and cheered an AWS staffer who jumped in.

Hacker News went full siren mode after Qcart said its entire business went dark when Amazon Web Services (AWS) locked their account for 18 hours over an exposed CircleCI key (think: a developer tool password). Qcart claims they fixed the leak immediately and pleaded for a human review—then got the dreaded corporate auto-reply: “The specialized team is looking into it.” Cue community meltdown.

The loudest chorus shouted: this is “cloud jail” with no bail. People blasted the silence, saying if AWS can shut off a company’s lights, it needs a 24/7 hotline that actually answers. Others pushed the tough love: you leaked keys, you pay the price; have backups, a “break-glass” plan, and maybe don’t bet the farm on one cloud. The split became the drama: is this security or security theater?

One bright spot: an AWS employee jumped in, apologizing and offering to help unstick the case via LinkedIn. The crowd cheered the rescue, then side-eyed the system—“Why does it take knowing a human to get help?” Memes flew: “Have you tried turning AWS off and on again?”, “Vendor lock-in turned vendor lock-out,” and “Press the Bezos red phone.” The verdict from the bleachers: fix the leak, sure—but fix the support playbook, too.

Key Points

  • Qcart’s AWS account was restricted by AWS Trust & Safety due to an exposed CircleCI access key.
  • The incident caused a 100% production outage across multiple countries for Qcart.
  • Qcart deleted the implicated IAM user and keys, rotated credentials, and confirmed remediation in the support case.
  • More than 18 hours after remediation, Qcart reports no substantive updates from AWS and the account remains restricted.
  • Qcart seeks assistance to have a human review the resolved security flag and provided Case ID 177385077300217.

Hottest takes

“I work at AWS and … am attempting to get this unstuck for you” — coreydst

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.