All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Scaleway SSD with customer data purchased on classified ads website by French vlogger
Moonlight_Trenchcoat
Member
In a May 2021 tweet, the French vlogger Micode asked their Twitter followers to identify the data on an SSD they purchased on the local classified ads website leboncoin:
What followed was a series of 3 videos from Micode:
- j'ai fouillé des disques durs sur leboncoin
- j'ai fouillé le mystérieux disque dur de leboncoin
- la vérité sur le disque dur volé de leboncoin
Micode has declined to name the provider directly and the provider themselves have not, to my knowledge, issued an official statement regarding this data disclosure.
The provider is Scaleway and the SSD most probably comes from a Suchard (VC1S) hypervisor, judging by the dates and the fact that it is SATA (Tagada and newer hypervisors utilize NVMe storage).
I state this information in the capacity as a former Scaleway employee who left the enterprise several years ago. During my employment, Scaleway did not regularly resell decommissioned hardware.
I don't know how the SSD ended up for sale on leboncoin, whether it was a theft or a change in policy regarding decommissioned hardware. However, in my opinion Scaleway's data center logistics were never that good, and it would not surprise me to learn that someone walked out of the data center with some SSDs from a decommissioning.
I am willing to provide proof of employment to a moderator for verification if necessary.
Comments
Nominating @angstrom to welcome this guy as he does this very well.
I can step in on behalf of angstrom for this one.
Welcome to LowEndTalk and congratulations on your first post.
The LowEndDetectives will be with you shortly.
Thank you for your patience.
Scaleway have released a blog post (currently only in French) confirming the incident: https://blog.scaleway.com/incident-securitaire-video-youtube/
I am very dubious of the claim that they informed customers immediately, as I have heard that the responsible team at Scaleway was asked in May 2021 to locate the customers after Scaleway were informed by Micode of the possession of customer data.
If any such customer exists, perhaps they would be kind enough to tell us when they were informed their data was exposed
It is sad, but not surprising, that Scaleway were not more proactive and transparent in their messaging about this. The blog release after a three part video series is damage control and nothing more.
The concerned customers (I am one of them) received a support ticket on June 2nd
They gained a lot of instant respect in the industry for releasing the Scaleway brand but I always felt it was undeserved because I remember quite fondly that they were first Online.net.
Though I am surprised that a working disk ever made it out of their racks. Used to be that you’d have to fight tooth and nail to get them to abandon a dead drive. No one got more mileage out of a drive than offline.net.
Funny that this actually had me wondering if they’re a cleaner operation now.
IANAL of course, but it looks to me that this vlogger has publicly admitted to purchase and possession of stolen goods (recel de vol in French), for which the penalties can go up to 5 years in prison and up to 375K euros in fines. And that might be nothing compared to the intellectual property ramifications.
The drive comes out functional if the server dies first. Atom C2000 CPU
Does he actually admit that? And even more that he knew it was stolen?
In the blog post linked by Moonlight_Trenchcoat, Scaleway states that they have reported the theft to the authorities when it happened, about a year ago.
Watching the videos requires a great deal of patience because of the heavy editing (and the vlogger's way of talking), but in episode 3 he eventually states that the disk belonged to a hosting company. He'd have a hard time claiming he didn't know it was stolen, since he has so many YouTube videos in which he claims to be an IT expert.
As for the disk, the physical object is Scaleway's property, so it's up to them to decide what to do. The data however is the property of the various Scaleway customers, and that's up to them to decide whether or not to sue Scaleway for breach of contract and/or the vlogger for possession of stolen goods.
The vlogger's position might be even worse if he did receive revenue from the videos, say in the form of ad revenue.
This gonna sounds a little rude, but why you decided to share French version of text (not English or both...) and as a fucking screenshot, not a text?
interesting, when i type
scalewayon twitter, it suggest this dramascaleway micodeall content from French. I'm surprise 2 days passed but this still not exist on any online newspaper, even on any English forum, reddit except LowEndTalkSince Scaleway did not release their statement in English, below is the original French and English translation.
The YouTuber they talk about is Micode and if Scaleway knew for over 1 year, why do they only mention it now?
Maybe they consider "transparency to customers" as their top priority going forward
Let us see who has the better SEO
Translation:
Question is, do they re-brand again?
Dude reposted my tweet
The email for this ticket is dated
Date: Wed, 02 Jun 2021 13:06:27 +0000and here's the english part:Hi Jerome, I didn't know it came from you.
I found the screenshot on a Telegram channel
No worries, now you got the plaintext
From his message I would said he claims he got that message. Maybe he was just too lazy to screenshot his own e-mail and took your twitter picture? Confusing, 2021 year is a strange year, soon everything will be video-only.
Thanks for plain text and English version!
Thanks for this. I see two possibilities:
I’m as confused as you are, think I will request clarifications on the ticket