Comment by preperat

The Railway detail is the part that sticks. Backups stored inside the same volume they're backing up isn't really a backup, it's a snapshot with extra steps. Delete the volume, delete the evidence. That said, credential scoping should have been the first line here. A token that can destroy production infrastructure shouldn't exist in a dev environment config, full stop.