The Brooks Review

So You Thought DigitalOcean Was Great?

I’ve never used DigitalOcean (and I’m glad about that), but I’ve been hearing about many people loving their service. There was an issue [posted on GitHub](https://github.com/fog/fog/issues/2525) detailing a flaw in the way user data was deleted from DigitalOcean servers. This flaw lead to data being “leaked” between user accounts. The discussion was then moved over…

I’ve never used DigitalOcean (and I’m glad about that), but I’ve been hearing about many people loving their service. There was an issue [posted on GitHub](https://github.com/fog/fog/issues/2525) detailing a flaw in the way user data was deleted from DigitalOcean servers. This flaw lead to data being “leaked” between user accounts. The discussion was then moved over to DigitalOcean [here](http://digitalocean.uservoice.com/forums/136585-digitalocean/suggestions/5280685-scrub-vms-on-delete-by-default).

Essentially all data could be wiped, but it required the user to check a specific box, or call a poorly documented part of the API — in other words it was a bad design decision from DigitalOcean. This isn’t good at all, as Apache logs were being pulled from other user accounts.

However, [DigitalOcean’s response was horrible](https://digitalocean.com/blog_posts/transparency-regarding-data-security). Instead of owning the issue and making a change, they offered a qualified excuse, committed to changing, and then (if the comments are any indication) lied about data being leaked.

Here’s what DigitalOcean said in their post:

> At no time was customer data “leaked” between accounts.

Jeffrey Paul’s comment on that same post:

> For fuck’s sake, now you’re just lying.

> Not scrubbing has been the default – a user doesn’t have to “explicitly not scrub”.

> If no customer data leaked between accounts, how was I able to read someone else’s stack traces[1], web logs[2], and customer tokens[3] on a freshly provisioned VM? (I am the person who got bitten by this dark pattern, investigated further, verified your error, filed the bug in fog, and then spent half my Monday auditing credentials because you LEAK DATA BETWEEN CUSTOMERS.)

> What follows is evidence to directly support the claim that you’re lying through your teeth to save face after having been caught being grossly irresponsible with your customers’ data.

> Please start acting like professionals.

> [1] http://i.imgur.com/TMp2kdf.png

> [2] http://i.imgur.com/WLv2qSE.png

> [3] http://i.imgur.com/fJOxRN9.png

There’s a few other comments supporting his claim too.

I’d run away from DigitalOcean if I was using them.

Note: This site makes use of affiliate links where and when possible. These links may earn this site money when utilized.

BECOME A MEMBER

Join Today, for Exclusive Access.

Click to Join

Posted

in

by

Ben Brooks