Reply to post: Re: Why were they locked out?

DigitalOcean drowned my startup! 'We lost everything, our servers, and one year of database backups' says biz boss

JLV

Re: Why were they locked out?

Hmmm. I wonder if DO might not mistakenly have stepped in from the opposite side of the mistake, trying to spare the customer grief.

We hear many cases of cloud auth compromises where the hapless customer is left with $$$$$ bills of cryptomining or the like.

I have a very low $$$ threshold limit because my VMs just sit there at a predictable monthly rate. Past that I get an email.

But if DO had hijack safeguards, perhaps incorrectly defined/parametrized, they might have been thinking this massive spin up was a sign of credentials compromise.

Even freezing backups can help there. Remember the 2-3 stories so far of cloud hosted companies whose backups were terminally erased after key losses? One more reason to back up elsewhere.

Yes, interested in what debriefing will have to say. Especially the “what procedures does DO have to put someone on the phone that can fix things (but not be social-engineered)”.
