Nice story :)
AWS knows before the hacker that your keys are compromised. They are running a similar script/program to check whether your keys are publicly exposed.
So you know that for a fact? Or are you guessing?
I've found Slack (@SlackHQ) support to be awesome too.
I have seen instances like this before where some guys would have exposed their repo publicly with the keys and immediately started receiving emails from AWS that their keys are compromised. I am guessing the fact they would have done it the same way the hackers are doing it.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.