Cloud storage is extremely convenient, but it doesn't come without some risks. Now, a software engineer and self-proclaimed open-source enthusiast is claiming to have lost 10 years' worth of data saved on the Amazon Web Services (AWS) cloud.
In a lengthy blog post published on Seuros, the software engineer details "a catastrophic internal mistake at AWS MENA" that led to 20 days of support futility and, ultimately, no meaningful resolution.
Abdelkader Boudih, aka Seuros, lays out the background of the problem in the blog post (via Tom's Hardware). According to Boudih, the AWS deletion wiped out a trove of developer tools that were saved to the cloud in an attempt to get away from the chaos of their desktop.
Circuit breaker patterns for Ruby, time-based state machines, performance monitoring tools for Rails, an entire programming book written in their own style, electronics tutorials, Ruby developer lessons, and "years of unpublished work that could have helped thousands" were included in the wipe.
As Boudih states, this AWS deletion didn't just hurt the user but also any developers who use these tools.
When AWS deleted my account, they didn’t just hurt me. They hurt every developer who uses my gems. Every student who could have learned from those tutorials. Every future contribution that won’t happen because my workflow is destroyed.
Abdelkader Boudih (aka Seuros)
Boudih explains that this wasn't a regular data loss, and that the tools and suggestions provided by AWS should have been safeguards. Boudih claims to have used multi-region replication, a dead man's switch for recovery, proper backup architectures (based on AWS suggestions), and segregated encryption keys.
The only thing Boudih didn't plan for was "AWS itself becoming the extinction event." Of course, no extinction event comes without some attempts to recover what was lost, which kicked off, as Boudih calls it, a "20-day support nightmare."
It all began with a simple verification request from AWS, which expired before Boudih could respond. The next form arrived and required ID and a copy of a utility bill, which Boudih sent in. AWS claimed the document was unreadable. The next day, Boudih's account was terminated.
The trail didn't end there, as Boudih attempted to find out if the data was still in existence. The penultimate message from support read, "Because the account verification wasn’t completed by this date, the resources on the account were terminated." The final message had AWS asking for feedback on the experience.
Despite jumping through all of the hoops set up by the AWS support team, Boudih says they received "zero straight answers" and "multiple requests for 5-star reviews" while their data hung in the balance.
Boudih is rightly upset, especially since AWS documentation states that there is a 90-day grace period between account closure and data deletion. After those 90 days, the account is closed forever, and all data is deleted. Considering Boudih never made it past 20 days, it seems like AWS is at least partly at fault here.
AWS ultimately blamed the account's destruction on an issue with a third-party payer, but Boudih outlines why that doesn't exactly make sense; billing could have been switched to a different card on file, or, at the very least, there could have been a suspension of service rather than complete deletion.
AWS responds to Boudih's claims, and an 'AWS insider' suggests a conspiracy
Having news that your cloud storage service is deleting user data isn't something that AWS wants. In response to the original reporting at Tom's Hardware, an AWS spokesperson reached out to offer a statement:
We always strive to work with customers to resolve account issues and provided an advance warning of the potential account suspension. The account was suspended as part of AWS’s standard security protocols for accounts that fail the required verification, and it is incorrect to claim this was because of a system error or accident.
AWS spokesperson
This is no doubt in response to Boudih's claims that an AWS insider had reached out shortly after the Seuros blog post began circulating publicly.
The insider suggested that AWS MENA (the second acronym stands for Middle East and North Africa) was "running some kind of proof of concept on 'dormant' and 'low-activity' accounts." It wasn't just Boudih's account that was affected.
It gets technical from this point on, but it basically boils down to the assumption that an AWS developer typed the wrong command and ended up deleting accounts that were still very much in use, like Boudih's.
There's no real proof that any of this happened, but Boudih points to the slow progress and ineffective feedback from support as explanations for a potential cover-up.
Another sober reminder that cloud storage is not as safe as you think it is
Lately, it seems that there have been more high-profile data loss stories than usual. In June, a OneDrive user was locked out of "30 years' worth of photos and work", receiving no help from Microsoft support.
More recently, a LibreOffice — an open-source competitor for Microsoft Office — developer had their Microsoft account locked after sharing some notes on bugs and fixes in an email. The developer eventually regained access to their account, but I don't expect they'll stick around for long.
This is your reminder not to put so much trust in cloud storage services. They're convenient, but they clearly come with some risks. Even in our tech-heavy 2025 world, a good ol' USB drive or external SSD is still the way to go, at least as a secondary backup.
Closing out the blog post, Boudih explains that they're developing a free tool that will help people get their data out of AWS: "My clients — representing over $400k/month in AWS billing — have already agreed to migrate to Oracle OCI, Azure, and Google Cloud."
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
