Fast-growing Infrastructure-as-a-Service (IaaS) provider DigitalOcean is updating its code to make sure its fast storage doesn’t inadvertently expose one customer’s data to any other customer.
The issue arose last night, when Jeffrey Paul, a self-described hacker and researcher based in Berlin, took to GitHub to point out that DigitalOcean does not automatically wipe data from the fast solid-state disk (SSD) storage attached to its virtual servers when a server is destroyed. Beyond that, Paul showed how the next customer assigned that storage could pull down some of the previous customer's data.
“I was able to recover someone else’s webserver logs from yesterday,” Paul wrote.
Through the application programming interface (API) that developers use to control their assets on DigitalOcean’s cloud, a customer can instruct DigitalOcean to erase the data on a droplet, or virtual server, when destroying it. The “scrub_data” parameter is “optional,” according to DigitalOcean’s API documentation. It “will strictly write 0’s to your prior partition to ensure that all data is completely erased,” the documentation states. Because the scrub is opt-in, a customer who destroys a droplet without setting it leaves the data in place until the disk space is handed to someone else and overwritten.
In the GitHub thread, some developers said they would like to see the storage scrubbed by default, not only when a developer explicitly instructs DigitalOcean to do it.
Today DigitalOcean cofounder Moisey Uretsky published a blog post in response to the issue and explained how the company’s policies have changed this year. DigitalOcean had originally scrubbed storage on every destroy, but as the company grew it made scrubbing opt-in rather than the default in order to improve performance. This, Uretsky wrote, was a mistake.
Another mistake was not letting customers know about changes to the API, Uretsky wrote.
And so now the company is in the process of updating its code, he explained:
Our first and immediate update is to ensure that a clean system is provided during creates, regardless of what method was taken for initiating a destroy. Engineers are updating the code base right now to ensure that will be the default behavior, and we will provide another notice when that code is live.
Uretsky did not say when exactly the changes will be implemented.
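The following is an added example, not DigitalOcean’s code, modelling the failure mode Paul reported and the two remedies discussed above: the opt-in `scrub_data` scrub on destroy, and the unconditional zeroing on create that Uretsky announced as the new default. `Pool`, `Volume`, `zero_on_create`, the block size and the tenant A log line are all constructed for the illustration; only the `scrub_data` name comes from the API documentation quoted above.

```python
"""Toy model of a shared SSD pool that hands freed blocks to the next tenant.

Added example, not DigitalOcean code. Pool, Volume, zero_on_create and the
sample log line are constructed for illustration; only the name scrub_data
comes from the API documentation quoted in the article.
"""
from dataclasses import dataclass, field

BLOCK_SIZE = 32  # bytes per block (constructed toy size)

# Constructed sample of what tenant A leaves behind: one web-server log line.
TENANT_A_LOG = b'10.0.0.7 - - "GET /admin HTTP/1.1" 200\n'


class Volume:
    """A tenant's view of the physical blocks the pool assigned to it."""

    def __init__(self, pool, block_ids):
        self.pool = pool
        self.block_ids = list(block_ids)

    def capacity(self):
        return BLOCK_SIZE * len(self.block_ids)

    def write(self, data):
        if len(data) > self.capacity():
            raise ValueError("data exceeds volume capacity")
        for i, b in enumerate(self.block_ids):
            chunk = data[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE]
            off = b * BLOCK_SIZE
            # A short final chunk overwrites only what was written; the rest
            # of the block keeps whatever was there before.
            self.pool.blocks[off:off + len(chunk)] = chunk

    def read(self):
        out = bytearray()
        for b in self.block_ids:
            off = b * BLOCK_SIZE
            out += self.pool.blocks[off:off + BLOCK_SIZE]
        return bytes(out)


@dataclass
class Pool:
    nblocks: int
    zero_on_create: bool = False  # the default DigitalOcean said it would adopt
    blocks: bytearray = field(init=False, repr=False)
    free: list = field(init=False, repr=False)

    def __post_init__(self):
        self.blocks = bytearray(BLOCK_SIZE * self.nblocks)
        self.free = list(range(self.nblocks))

    def _zero(self, block_id):
        off = block_id * BLOCK_SIZE
        self.blocks[off:off + BLOCK_SIZE] = bytes(BLOCK_SIZE)

    def create(self, nblocks):
        # LIFO reuse: the most recently freed blocks are handed out first, so
        # the next tenant deterministically receives the last tenant's blocks.
        ids = [self.free.pop() for _ in range(nblocks)]
        if self.zero_on_create:
            for b in ids:
                self._zero(b)  # clean regardless of how the previous destroy ran
        return Volume(self, ids)

    def destroy(self, vol, scrub_data=False):
        # scrub_data=False is the opt-in model from the article: the bytes stay
        # on the blocks until someone else overwrites them.
        if scrub_data:
            for b in vol.block_ids:
                self._zero(b)
        # Return blocks so the next create sees them in the same order.
        self.free.extend(reversed(vol.block_ids))
        vol.block_ids = []


def residual_bytes(vol):
    """The check a new tenant can run: any non-zero byte on a volume they
    have never written to belongs to somebody else."""
    return bytes(b for b in vol.read() if b != 0)


def scenario(zero_on_create, scrub_data):
    """Tenant A writes a log and destroys its droplet; tenant B gets the blocks."""
    pool = Pool(nblocks=4, zero_on_create=zero_on_create)
    a = pool.create(2)
    a.write(TENANT_A_LOG)
    pool.destroy(a, scrub_data=scrub_data)
    b = pool.create(2)
    return residual_bytes(b)


if __name__ == "__main__":
    print("opt-in scrub, customer forgot :", scenario(False, False))
    print("opt-in scrub, customer set it :", scenario(False, True))
    print("zero on create, no scrub      :", scenario(True, False))
```

The first scenario reproduces what Paul saw: tenant B reads tenant A's log line without ever having written to the volume. The second works only if every customer remembers to set `scrub_data`. The third is the design Uretsky described: zeroing at create time does not depend on the destroy path at all, so it also covers destroys that never went through the API option.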
The scramble comes as the company is growing fast in the public cloud market — faster than major player Amazon Web Services, by one metric — and needs to look reliable.
This isn’t the first time DigitalOcean has dealt with security concerns. A similar issue over erasing all data surfaced in April. The company announced a resolution within hours. Now the company has more work to do to prove its cloud is secure.