There is actually a lot more steps than just disabling the access key creds of the compromised account as mentioned in the lesson.
In fact, as mentioned by AWS: "Rotating the credentials for the IAM user whose credentials were exposed will not invalidate any temporary credentials that were obtained using the user’s credentials. However, if it’s practical for you to delete the IAM user, do that. This causes authentication attempts for temporary credentials associated with that user to fail."
Please add the necessary info in the lesson, as its totally incomplete and does not reflect what AWS advises.