back to article SSD belonging to Euro-cloud Scaleway was stolen from back of a truck, then turned up on YouTube

It sounds like a "dog ate my homework" excuse for the cloud age, but Euro-cloud Scaleway says one of its solid-state disks was stolen from a truck, turned up in the hands of a YouTuber, and has now made its way back home. A Saturday post by CEO Yann Lechelle revealed that over a year ago, a disk was stolen while in transit …

  1. Potemkine! Silver badge

    That's a weird story. One SSD stolen? Ending in the end of a Youtuber working on data persistence? What a coincidence.

    1. Blazde Silver badge

      Have to be honest if I saw one single SSD perched on the back of an otherwise empty truck I'd be tempted to take it. That's just screaming 'nobody cares about me'.

      1. simkin

        Does it scream "it's mine"?

        If no, why even think about touching it?

    2. low_resolution_foxxes Silver badge

      Did they ever mention what kind of truck it "went missing" from?

      Logistics carriers (in particular package companies, imagine UPS/DHL/etc.) often end up with 40ft containers full of undelivered packages, your contract with them usually even says that after X attempts to deliver, the package is legally there's and they basically just sell the contents onto a weird community of people who basically buy the packages in bulk, with the intention of selling the contents, or for weirder shipments, selling them back to the original shipper.

      So in that situation, I could well imagine a tech interested in hard drives buying 'lost in transit' hard drives, and then buying one & getting in contact with them. I work in a sales department shipping internationally, and we've probably had 4-5 incidents where packages worth more than £10k just went missing, only to reappear on eBay, or with some weird middleman trying to sell them back to us (with confirmed serial numbers).

      1. mark l 2 Silver badge

        Joe Lycett did a piece on Hermes reselling of 'undeliverable' parcels a couple of years ago. And found that lots of the parcels that were being sold off as undeliverable had clear sender details on them and Hermes had made no attempt to return them back to the sender, like they are supposed to.

        I myself have had a few parcels go missing that were sent with Hermes and every parcel I send has my return address on it, yet never had one of them returned and had to claim for a lost parcel.

        1. AndrueC Silver badge
          Unhappy

          I can believe that. I ordered a portable A/C unit a couple of months ago. It was supposed to be delivered by Hermes and their own tracking showed it being picked up and taken to their Warrington warehouse. After that no other movements were recorded. After a week the reseller refunded me and I took my business elsewhere.

          There's clearly no way that a portable A/C unit (over a metre tall, weighing in excess of 20kg) can get misplaced. It's hardly likely to have been dropped and accidentally kicked under a bench. Nor is it likely to have got pushed off said bench and fallen down the back.

          Something nefarious happened to it.

          1. Alan Brown Silver badge

            Given my experience with Hermes - both for work and home deliveries, I wouldn't entrust them with anything of mine

            They've tried to dodge their responsibilities by using "Photographic evidence of delivery (handed to recipient)" showing the package perched on a fence next to a footpath (lasted about 5 minutes before being stolen) or on the mat in front of a closed door clearly labelled with the wrong address

            The factor that the photos PROVE misdelivery seems to escape their notice

            1. Helcat

              Yup: Had the Hermes 'photo' proof of delivery - to my neighbour. Only they were standing where the neighbour's car would be had they been in and there was no parcel in view. The photo was also taken on a dry, sunny day when the delivery date was overcast and had rained that morning. They also didn't take a photo of my door as they never approached it else I'd have sent them a picture - date/time stamped - of them taking the photo.

              Yes, I have a motion sensor door camera - it's the doorbell so useful if I'm out back or up top of the house as I can at least tell them I'll be a minute...

          2. Anonymous Coward
            Anonymous Coward

            I dunno man. The Hermes depot in Weybridge is massive.

          3. Missing Semicolon Silver badge

            Hermes "lost" a Beer52 box sent to a relation as a gift. Claimed the business address (of an office with a massive sign outside on an industrial park) "could not be found".

            Hermes = theives.

            Beer52 = yum.

      2. tip pc Silver badge

        Had a pallet of Cisco switches disappear before.

        They where new with no config so no security issue especially as they never reappeared. ~£50k vanished.

        Luckily they where not needed for a while and we had other new kit we repurposed so didn’t suffer too much delay on a refresh project.

    3. Anonymous Coward Silver badge
      Holmes

      > One SSD stolen?

      I can imagine some damaged packaging and one disk falling out in the back of the truck. Driver not noticing it until the end of the day (or several stops later) and not knowing what drop it was intended for, so just sticking it on ebay.

    4. big_D Silver badge

      Improbable, but not impossible.

      c't magazine regularly buys random drives on eBay to look for residual data and where the drives come from. They've had drives from refurbishers, who took old council computers, simply removed the drives and stuffed them on eBay, for example.

      Old photocopier drives also often come to light...

      There are plenty of people out there, who look into the security of 2nd hand devices and 2nd hand storage, so it isn't as improbable as it seems. The odds are still fairly high, but not astronomically so.

      1. Alan Brown Silver badge

        This is precisely why I insist on erasing all drives before they go out the door.

        Manglement insist that handing them over to recyclers ´as-is' is fine because "they certifty destruction".

        Yes, until the drives show up on Ebay with data still on them and then MY head is on the block.

        1. big_D Silver badge

          At my previous employer, we drilled them all with several holes. Now they are usually shredded.

          1. A.P. Veening Silver badge

            At a previous employer, a colleague, who was also a sniper with the National Reserve (part time military), used a couple for target practice (one at a time from a raid set). The results were interesting.

            1. J. Cook Silver badge

              They do make a lovely "PING!!!" noise when they are hit, even moreso when the round goes in or through them...

              1. Richocet

                My friend got a short-term job destroying hard drives for the defense department.

                The only tool they gave him was a sledgehammer.

                He said it was great for physical fitness.

      2. Old Used Programmer Silver badge

        More than one way...

        My niece worked at specialty steel fabricator. When they replaced a bunch of PCs, they took the drives out to the fabrication yard, neatly laid them out on the ground and then brought over a crane with a "magnetic hook" rated for 50 tons. Lowered the hook over the drives and turned in on.

        Apparently, this caused all the drives to stand up on end and wave back and forth until the hook was turned off.

        Checking random drives afterwards showed nothing on them, not even formatting.

  2. Fruit and Nutcase Silver badge
    Coat

    Carrier Pidegon

    Or for bigger payloads, how about Vultures?

    http://news.bbc.co.uk/1/hi/world/africa/8248056.stm

    1. lglethal Silver badge
      Trollface

      Re: Carrier Pidegon

      Would that be African Vultures or European Vultures?

      (where's the Monty Python icon?)

      1. Graham Dawson Silver badge

        Re: Carrier Pidegon

        Probably in the ravine.

    2. Anomalous Cowturd
      Boffin

      Re: Carrier Pidegon

      RFC1149 meets the 21st century.

      https://datatracker.ietf.org/doc/html/rfc1149

  3. Wanting more

    encryption?

    Have they not heard of encryption at rest? For any disks / data leaving the organisation I'd expect that to be standard / mandatory.

    1. Hans Neeson-Bumpsadese

      Re: encryption?

      TBF, I didn't see anything in the article to suggest that the data wasn't encrypted. It's possible that the YouTuber identified to disk owner from an asset sticker on the disk or packaging, rather than by reading data from this disk itself.

      1. Anonymous Coward
        Anonymous Coward

        Re: encryption?

        The french youtuber's name is Micode and the data wasn't encrypted at all, the disk was just badly formatted and he managed to find a lot of data from an Italian VPS client of the hosting company, including the source code of one of their applications, ssh keys, etc...

      2. Tomato Krill

        Re: encryption?

        The el reg article itself says ssh keys were found…

  4. Anonymous Coward
    Anonymous Coward

    I'm a bit sceptical

    such "accidents" happened in the past, part of a marketing strategy (free publicity). I'd think large company would shy from such 'tactics', but in this day and age, it seems, anything goes.

    1. This post has been deleted by its author

    2. Claud9

      Re: I'm a bit sceptical

      This is most likely not a joke. The name of the youtuber is Micode, you can go and see his video if you understand French, and the host even threatened him (he didn't reveal any names) because he published several videos about it.

    3. diodesign (Written by Reg staff) Silver badge

      Re: I'm a bit sceptical

      There's such a thing as "all publicity is good publicity" but I think this is an exception in this case.

      The final YouTube video on this saga is here. It's all in French. If an English-speaking YTer picked this up, I would expect this to be all over the news more.

      C.

      1. Yet Another Anonymous coward Silver badge

        Re: I'm a bit sceptical

        So at least the discovery of the disk was encrypted

  5. Anonymous Coward
    Anonymous Coward

    Then, nothing happened

    > A Saturday post by CEO Yann Lechelle revealed that over a year ago, a disk was stolen while in transit between two Scaleway data centres.

    The blog post was published after the 3 part video series by Micode (started in May 2021), and after someone named Scaleway as the provider on LowEndTalk: https://www.lowendtalk.com/discussion/172819/scaleway-ssd-with-customer-data-purchased-on-classified-ads-website-by-french-vlogger

    > Scaleway warned clients about the incident.

    Not until June 2021, according to one of the customers who had their data exposed.

    > Then, nothing happened until, according to Lechelle, a YouTuber bought the disk on a classifieds site.

    Indeed, including not releasing a public statement until over 2 months after they were aware of the incident: https://twitter.com/Micode/status/1395640486715662336

    > It sounds like a "dog ate my homework" excuse for the cloud age

    It is. Affected customers were warned in June 2021, after Scaleway were contacted by Micode. Scaleway did not publish a public statement regarding the incident until after their name was already being thrown around Twitter, YouTube, and LowEndTalk.

  6. Anonymous Coward
    Anonymous Coward

    "A disk was stolen"

    You can bet it was more than one disk. They are just admitting to the one that happened to end up on YouTube...

  7. SuperGeek

    Is everyone forgetting..

    It was unencrypted? Why??!??

    1. Richocet

      Re: Is everyone forgetting..

      Because your get about 20% more capacity and performance from disks by running them unencrypted?

      That adds up over a data center.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021