I've read this one a few times and each time I see it I keep getting more and more pissed at Stripe.
Customer: Hey, someone is using your product to steal money as I am seeing a ton of fraudulent donation transactions. Can you undo these?
Stripe: lol, no, u fix it
Why did the customer have to even think of writing a script to begin to unfuck the situation here? Why did the customer have to do a ton of legwork to fix the situation?
Terrifying story, but missing some obvious mitigations: rate limits. A rate limit on the number of transactions and the cumulative amount would have largely prevented this. It's saved me many times.
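An added example, not code from this thread or from Stripe, of the rate limit the comment above describes: a sliding-window check on both the number of transactions and their cumulative amount per source. The class name, the per-source key, and the thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Hypothetical helper: names, keys and thresholds are illustrative assumptions.
class VelocityLimiter:
    """Sliding-window limit on transaction count and cumulative amount per key."""

    def __init__(self, window_s, max_count, max_amount_cents):
        self.window_s = window_s
        self.max_count = max_count
        self.max_amount_cents = max_amount_cents
        self._events = defaultdict(deque)   # key -> deque of (timestamp, amount)
        self._totals = defaultdict(int)     # key -> sum of amounts inside the window

    def _expire(self, key, now):
        # Drop events that have aged out of the window and release their budget.
        q = self._events[key]
        while q and q[0][0] <= now - self.window_s:
            _, amount = q.popleft()
            self._totals[key] -= amount

    def check(self, key, amount_cents, now):
        """Return (allowed, reason). Only allowed transactions consume budget."""
        if amount_cents <= 0:
            return False, "invalid_amount"
        self._expire(key, now)
        if len(self._events[key]) + 1 > self.max_count:
            return False, "count_limit"
        if self._totals[key] + amount_cents > self.max_amount_cents:
            return False, "amount_limit"
        self._events[key].append((now, amount_cents))
        self._totals[key] += amount_cents
        return True, "ok"


def replay(limiter, transactions):
    """Run (key, amount_cents, timestamp) tuples through the limiter in order."""
    return [limiter.check(k, a, t)[1] for k, a, t in transactions]


# Constructed sample: a burst of small donations from one source, two large
# donations from another, then a donation after the window has passed.
SAMPLE = [
    ("src-A", 100, 0), ("src-A", 100, 1), ("src-A", 100, 2), ("src-A", 100, 3),
    ("src-B", 60_000, 4), ("src-B", 50_000, 5),
    ("src-A", 2_500, 70),
]

if __name__ == "__main__":
    lim = VelocityLimiter(window_s=60, max_count=3, max_amount_cents=100_000)
    print(replay(lim, SAMPLE))
```

Rejected transactions do not consume budget here, so a blocked burst cannot lock out the same source after the window expires.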