Saved February 14, 2026
The author shares their experience of having their AWS account hacked, detailing how the attacker gained access, the immediate steps taken to regain control, and the lessons learned about cloud security. They emphasize the importance of proper security measures and the mindset needed to prevent such incidents.
The author recounts a frightening experience of having their personal AWS account hacked, detailing the sequence of events and their response. Initially, they were shocked at how quickly the attack unfolded, despite their background in security. The attacker gained access through programmatic AWS keys tied to the author's account, created multiple IAM users, and launched EC2 instances, resulting in a staggering 400% spike in spending. The author acted swiftly, resetting passwords, deleting unauthorized users, and terminating the rogue EC2 instances.
In the aftermath, the author analyzed how the breach occurred, pinpointing a vulnerability in their website's code. They had implemented server-side rendering using Next.js, which inadvertently exposed backend code, including AWS keys. This lapse in security allowed the attacker to operate undetected for a time. After contacting AWS support, the account was placed in an "Under Attack" state, restricting certain actions until the threat was neutralized. The author emphasizes the importance of designing security measures proactively rather than relying on reactive fixes, noting the lessons learned from this incident.