AWS wiped my account of 10 years, says open source dev
- Reference: 1754487909
- News link: https://www.theregister.co.uk/2025/08/06/aws_wipes_ten_years/
- Source link:
Abdelkader Boudih, who goes by the handle [1]Seuros , is a software engineer who has produced numerous Ruby gems used in production systems worldwide, and even claims that the developers within Amazon's cloud biz ask him regularly for help with Ruby issues.
However, that didn't help save his account from being deleted without warning by the company, apparently due to a verification failure – though the developer suspects the real reason may have been a snafu during testing of a script by AWS itself.
[2]
On his [3]blog , the developer explains how he received a verification request from AWS on July 10, with a five-day deadline. Over the next several days, he went back and forth with the cloud giant's customer support, finally submitting ID and a utility bill.
[4]
[5]
The next day, AWS responded, claiming that his documentation was unreadable, and the day after that (July 23), the account was terminated, he says.
The cloud operator normally provides a 90-day grace period, during which an account can be reopened, before the account is "permanently closed" and all its content, including snapshots and backups, is wiped.
[6]
But despite repeated requests by Boudih to get temporary read-only access in order to back up his data, AWS finally disclosed on July 29 that all the resources had been terminated when the account was not verified in time.
However, the developer concedes that the bills for his cloud account were being covered by an AWS consultant who suddenly pulled their support. This arrangement had been in place for almost a year, with the benefactor paying about $200 per month to cover Boudih's test infrastructure.
He claims that AWS still had the details of his personal payment card associated with the account, but refused to switch billing back to that card for 20 days, citing "privacy" concerns. It appears the cloud giant had some unexplained issue with the consultant and wanted them validated, but Boudih is somewhat circumspect about the exact details.
[7]
Later, an AWS insider contacted him to share what they knew regarding what actually happened – out of gratitude, the developer claims, because the cloud platform itself uses open source code Boudih created.
[8]Brit watchdog pushes to rein in Microsoft and AWS with 'strategic market status'
[9]AWS Lambda loves charging for idle time: Vercel claims it found a way to dodge the bill
[10]Datacenter lobby blows a fuse over EU efficiency proposals
[11]Compromised Amazon Q extension told AI to delete everything – and it shipped
The informant told him that the company had been running a proof-of-concept algorithm to apply to "dormant" and "low-activity" accounts. The developer running the test typed --dry to execute a dry run only of the code, said to be standard practice across modern languages. But the proof-of-concept had been written in Java, which does not recognize --dry , and so the script executed for real, actually deleting user accounts.
Boudih questions whether this is what actually happened to his account, as he says the insider was "vague, worried about being identified." He says that, if true, it would explain all the mysterious delays, the refusal to confirm whether his data was safe or not, and the inability of the support agents to actually do anything.
But regardless of the cause, the end result, he says, is that AWS wiped his entire testbed environment, including backups, plus documentation Boudih had created such as a programming book and tutorials.
An AWS spokesperson told The Register : "We always strive to work with customers to resolve account issues and provided advance warning of the potential account suspension. The account was suspended as part of AWS's standard security protocols for accounts that fail the required verification, and it is incorrect to claim this was because of a system error or accident."
If nothing else, this serves as a salutary reminder that you cannot rely on cloud platforms to keep your data safe – which is why many organizations will never put their mission-critical workloads into a public cloud – and that you should always have your own backups. ®
Get our [12]Tech Resources
[1] https://github.com/seuros
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cloudinfrastructuremonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aJN8B9VLpITvPuNhV1BGWAAAAEw&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://www.seuros.com/blog/aws-deleted-my-10-year-account-without-warning/
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cloudinfrastructuremonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aJN8B9VLpITvPuNhV1BGWAAAAEw&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cloudinfrastructuremonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aJN8B9VLpITvPuNhV1BGWAAAAEw&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cloudinfrastructuremonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aJN8B9VLpITvPuNhV1BGWAAAAEw&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cloudinfrastructuremonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aJN8B9VLpITvPuNhV1BGWAAAAEw&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[8] https://www.theregister.com/2025/07/31/cma_aws_microsoft_sms/
[9] https://www.theregister.com/2025/07/31/aws_lambda_cost_nightmare/
[10] https://www.theregister.com/2025/07/30/datacenter_lobby_eu_efficiency/
[11] https://www.theregister.com/2025/07/24/amazon_q_ai_prompt/
[12] https://whitepapers.theregister.com/
Re: Sympathy?
That's the whole point with S3 storage, though - it's free while it sits on their servers, it can be very expensive to get it out. One of the classic barbs they use to hold you to their services.
Re: Sympathy?
Exactly! My mouth was open when I read he lost the programming book and the tutorials he wrote... No local backup?! Seriously????!
Re: Sympathy?
It's worse than that.
His only copy was on a computer owned by a second party using an account paid for by a third party.
Just missing the 'Beware of the leopard' sign.
Re: Sympathy?
Absolutely agree.
If it's that important, you've got a local copy.
Well, another one learns the hard way . . .
Bullshit
The developer running the test typed --dry to execute a dry run only of the code, said to be standard practice across modern languages. But the proof-of-concept had been written in Java, which does not recognize --dry, and so the script executed for real, actually deleting user accounts.
Parsing of command line arguments is
a) language independent
b) the responsibility of the application
There may be a convention that a --dry argument performs a dry run but only if the application supports it -i.e. the application implements such a feature and parses the arguments accordingly.
Re: Bullshit
There is a "--dry-run" standard JVM command line option which creates the VM but doesn't execute the main method, documentation says it might be useful for validating the command-line options such as the module system configuration. Not very useful to test what a tool implemented in java would do - as you correctly point out that would have to be something the tool supports.
Re: Bullshit
Wouldn 't that be something like:
java --dry-run my_prog.jar
as opposed to:
java my_prog.jar --dry-run
The latter form being where my_prog.jar would be expected to handle the command line option.
Oh well. A generation of Windows developers who don't grok command lines.
Choices were made
Backing-up to the same environment you're backing-up? An interesting move! That's like backing-up a hard disk to the same hard disk.
Amazon's identity verification is provably broken
I self-published my first novel a while ago but I can't sell it on Amazon because their identity verification system simply doesn't work. I assume there's some kind of AI nonsense going on - whether you use their "hold the documents up to the camera" approach or send them a scan of the documentation it will fail.
I even took screenshots of myself selecting "UK Passport" from the "identity type" dropdown and then the feedback after uploading the scans where the system informed me "you appear to have uploaded a UK Passport, please select that from the dropdown" and sent them with my support requests, but Amazon's goons still cancelled my account permanently and with no recourse because they "couldn't prove my identity." I mean, technically that was true but only because their system doesn't work!
Anyways, after whatever initially went wrong in this case the account cancellation might have been due to whatever clownshow is happening under the bonnet of their ID service.
Re: Amazon's identity verification is provably broken
We have somehow replaced a system (that everybody hated) in which it was difficult to get a hold of a person, with a self-service model where it is impossible to get a hold of a person.
I'm confused
Even putting aside the valid argument that putting your eggs in one basket is a fucking stupid idea -- AWS shouldn't work that way. I've done over 50 hours of AWS training and worked in production environments with it. This makes no sense. I think we're missing information from both sides of this story.
Fail, on fail, on fail on top of fail.
If you're working on the cloud on a single account, this should IMHO be considered your "local" drive. This means you need 2 other backups.
And who the heck programs their program that they're testing on a LIVE environment to need an argument to prevent it from doing actual harm? The default should be NOT doing anything and requiring a specific argument (that is not easily mis-typed) to make it do something other than nothing.
Sympathy?
I'm finding it very difficult to find any sympathy for someone who didn't have local backups of something he considered of high value but which he stored only on someone else's computer.