Had similar happen to me but to the tune of £12k!
When AWS was first launched the keys were not able to be limited. Amazon soon changed that and now don't let you even get your root key anymore other than when first created.
A company I previously worked for had code that had my keys (as a favour as the start-up company was run by a friend and they were using my S3 until they had set up a company payment card). I know, stupid me, never share your keys with anyone, blah blah. I also share my car keys (oh-er missus) with friends and they do likewise and I didn't think the value of my Amazon account was on par with the value of my car - after all I have my credit card linked as the payment mechanism and that has a low limit, so what's the worst that could happen, right?
Well, new dev decided to put the company's jewels into GitHub (rather than the in-house SVN I set up for them). And, as they didn't have a company payment card, just used a public repo instead. First thing I knew was an email from Amazon on a Sunday morning saying my account looked compromised.
It took me all of half an hour to lock everything down, but as this had started sometime the night before, my final bill was over £12k.
One phone call to Amazon however took care of it all, they had seen this happen before and with barely any checks asked me for my estimated 'legit' usage and issued a credit against the account for the difference.
As much as everyone seems to hate Amazon for its customer focus (at the expense of employee focus by all accounts) it served me very well in this instance.
Did make me wonder how much Bitcoin someone managed to mine in that time.