Cloud Computing Snafu Shares Private Data Between Users

Grazed from Wired.  Author: Robert McMillin.

New York startup DigitalOcean says that its cloud server platform may be leaking data between its customers.  The company aims to fix this problem, but the snafu preys on many of the fears that so often prevent people from moving to cloud services — shared online services that provide instant access to computing resources, including processing power and storage space.

A low-cost competitor to giants such as RackSpace and Amazon, DigitalOcean sells cheap computing power to web developers who want to get their sites up and running for as little as $5 per month. But it turns out that some of those customers — those who were buying the $40 per month or $80 per month plans, for example — aren’t necessarily getting their data wiped when they cancel their service. And some of that data is viewable to other customers…

Kenneth White stumbled across several gigabytes of someone else’s data when he was noodling around on DigitalOcean’s service last week. White, who is chief of biomedical informatics with Social and Scientific Systems, found e-mail addresses, web links, website code and even strings that look like usernames and passwords — things like 1234qwe and 1234567passwd.   Wondering if it was a widespread issue, he spun up a few new virtual machines and found even more unerased data. In total, he found nearly 18 GB of data using the Linux command: cat /dev/vda | strings > /dev/shm/dump.txt. Then, on March 27, he told the company what was happening…

Read more from the source @ http://www.wired.com/wiredenterprise/2013/04/digitalocean/