[eloff]

The author is talking specifically about AWS. The odds that there is a mistake decommissioning the disk that leaves the data intact, times that somebody salvaged it from a landfill, times that they care about your data is basically zero. Which means a logical person should worry about everything else.

[im3w1l]

What are the odds that some arranges for all those things to happen though? When you try to go after them they will have plausible deniability.

[fnordpiglet]

Disk management and destruction is largely automated. That’s extraordinarily unlikely.

[eloff]

That’s an interesting attack vector. Bribe someone to replace the disk without wiping it, and be in a position to intercept it after that.

[DrRobinson]

This would require you or the person in the data center to know which customer is using which disk. And data isn't stored on just one disk, it's spread out over multiple disks and many customers have shards of data stored on the same disk. So even if this did happen, the would only get fragments of data.

[knorker]

You forgot to multiply by the millions of disks they presumably go through every year.

[eloff]

You don’t though. Your risk calculation is the same.