AWS accused of a ‘digital execution’ after it deleted 10 years of users' data without warning — software engineer details “complete digital annihilation” at the hands of AWS admins, claims false excuses given for account deletion
And the cloud giant is accused of a 'cover up' with the verification requested only after someone had accidentally wiped all the user's data.
A software engineer has warned against trusting cloud data storage services in a painstakingly detailed blog post detailing their own “complete digital annihilation” at the hands of AWS admins. Developer Abdelkader Boudih, pen name Seuros, says they had been a fee-paying AWS subscriber for a decade, with the cloud service becoming a firm part of their workflow. Suffice to say, the developer’s long-standing relationship with AWS has now ended acrimoniously.
Boudih says lots of important data has been lost, including a complete programming book, electronics tutorials, and years of unpublished code. Boudih admits that “AWS wasn’t just my backup—it was my clean room for open source development.” In other words, it was a tidy repository away from the “chaos” of the desktop. The dev reckons AWS’s multi-region replication and architecture should have been his backup…
Interestingly, Boudih claims they subsequently got a tip from an ‘AWS insider’ indicating that all their data was wiped due to a simple syntax error during a customer account audit, and all the correspondence Boudih had received about account verification was just a smokescreen.
It started with an innocuous verification request
On Thursday, July 10, Boudih received a verification request with a 5-day response deadline (countdown time included the weekend). Then follows a tale as old as time, where there are delays and escalations, verification ID requests, canned responses from the service provider not addressing actual queries, and so on. By July 23, Boudih was rocked as he received an “account terminated” notification.
Over the next few days of template-driven dialog with an AWS service team rep, Boudih was starting to worry that their data had also been rendered into “digital ashes.” Indeed, Boudih found out it had been wiped, and in the interim, reasonable requests for read-only access had been ignored. “Because the account verification wasn’t completed by this date, the resources on the account were terminated,” wrote an AWS rep or bot. Then they asked for a 5-star review…
Boudih highlights that this “20 day support nightmare” doesn’t seem to tally with AWS’s public policy of putting closed accounts on ice for 90 days, during which they “can be reopened and data is retained,” according to service provider documentation. However, Boudih’s account wasn’t voluntarily closed, but suspended by AWS for ‘verification failure,’ a procedure without public documentation.
'AWS insider' hints at a cover-up
We’ve already established that Boudih is a software engineer, but ironically, some of the open-source code segments Boudih has shared “probably run in AWS’s own infrastructure, making their systems more reliable.” Underlining the implications, the disgruntled dev added, “And they deleted the very environment that created them.”
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
Due to Boudih's status in the open-source community, Boudih says an AWS insider reached out with a fascinating backstory about what really happened in the AWS offices on or around July 20. According to this source, the initial verification request and suspension of the account were simply a smokescreen, as all Boudih’s data had already been wiped by accident.
Data extinction event
The theory that emerges is that a syntax difference between Ruby and Java scripting meant that when an AWS admin was “running some kind of proof of concept on ‘dormant’ and ‘low-activity’ accounts,” they accidentally wiped live accounts instead of executing a dry run to check the results. In Boudih’s words, “Java’s 1995-era parameter parsing turned a simulation into an extinction event.”
Boudih thinks that he wasn’t the only person affected by what he describes as a “cover up” at AWS MENA (Middle East & North Africa). The dev goes on to assert that AWS can’t just brush this customer off with scripted non-replies.
Now Boudih says they are “building a free tool to help people exodus from AWS,” as well as guiding clients worth $400k/month in AWS billing to migrate to services from Oracle OCI, Azure, and Google Cloud.
Follow Tom's Hardware on Google News to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button.
Mark Tyson is a news editor at Tom's Hardware. He enjoys covering the full breadth of PC tech; from business and semiconductor design to products approaching the edge of reason.
-
Hooda Thunkett I don't find any of this surprising. There's an oldish saying: "There is no cloud. It's just someone else's computer."Reply -
chaz_music Uhm ... isn't the attraction to these kind of services is that they keep backups? You know: backing up your data just in case of failures or errors, just like this internal AWS goof?Reply
In general, I don't believe you should trust others with your critical data and I keep it local for that reason. Having your data out on a cloud service or platform storage means that not only can the data just go away like this, it can also be stolen. And consider any of these kind of platforms as potentially dangerous: AWS, Onedrive, Dropbox, Gmail, Google Docs and Office 365, and email and texts of any kind that are stored externally on someone's servers.
If your data means anything to you, keep it local, and periodically make backups. If your data is very important to you, then even save backups off site, i.e., copy to a RAID array and save those drives at someone else's location (trusted friend, grandma's house, another business, etc.). -
voyteck Reply
Or the other way around: work on a file stored in the cloud and make a local copy regularly. Actually, making local copies only seems the worst solution to me unless the data is stored outside. A burglary or a fire--and you lose everything anyway.chaz_music said:If your data means anything to you, keep it local, and periodically make backups. -
Dementoss Keeping all your essential data in one place in the 'cloud', regardless of data security claims made by the company you choose, seems mad. Surely no company should put themselves in a position, where they are able to lose all their essential data, because of one mistake.Reply -
DS426 Reply
Cloud data can be backed up by other providers and tools. For example, Gmail has Google Takeout to export one's own data, and then there's at least one free tool out there that connects via IMAP to download Gmail emails and such. Office 365 isn't backed up automatically, just as most cloud services aren't and require (or *SHOULD have*) a 3rd party provider or local source that the data is backed up to. Barracuda, Veeam, and others have M365 Backup, typically using cloud-to-cloud backup.chaz_music said:Uhm ... isn't the attraction to these kind of services is that they keep backups? You know: backing up your data just in case of failures or errors, just like this internal AWS goof?
In general, I don't believe you should trust others with your critical data and I keep it local for that reason. Having your data out on a cloud service or platform storage means that not only can the data just go away like this, it can also be stolen. And consider any of these kind of platforms as potentially dangerous: AWS, Onedrive, Dropbox, Gmail, Google Docs and Office 365, and email and texts of any kind that are stored externally on someone's servers.
If your data means anything to you, keep it local, and periodically make backups. If your data is very important to you, then even save backups off site, i.e., copy to a RAID array and save those drives at someone else's location (trusted friend, grandma's house, another business, etc.).
I think the main takeaway of this article should be this: not trusting all of one's data with a single provider, cloud or not. -
SomeoneElse23 I thought it was common knowledge that an offline backup is required.Reply
But based on the number of successful ransomware attacks and cloud disasters, apparently it's not common knowledge. -
Pierce2623 Reply
I agree 100%. Dude was crazy for using it as his primary storage. Roll Tide!chaz_music said:Uhm ... isn't the attraction to these kind of services is that they keep backups? You know: backing up your data just in case of failures or errors, just like this internal AWS goof?
In general, I don't believe you should trust others with your critical data and I keep it local for that reason. Having your data out on a cloud service or platform storage means that not only can the data just go away like this, it can also be stolen. And consider any of these kind of platforms as potentially dangerous: AWS, Onedrive, Dropbox, Gmail, Google Docs and Office 365, and email and texts of any kind that are stored externally on someone's servers.
If your data means anything to you, keep it local, and periodically make backups. If your data is very important to you, then even save backups off site, i.e., copy to a RAID array and save those drives at someone else's location (trusted friend, grandma's house, another business, etc.). -
Alvar "Miles" Udell Software engineer with over a decade of experience doesn't use backups because he said AWS's features should have been his backup...Doesn't matter that AWS possibly did something shady, still his fault.Reply