[skywhopper]

Also seems pretty obvious that there was no clear chain of command for the operators. The board themselves certainly aren’t deeply involved given the statement by the one board member about how they couldn’t be bothered to communicate with the community about what was happening because they are so busy in their day jobs.

So who should Arko contact? The guy who’s his “boss” just suspended a bunch of access, twice, and emailed contradictory things. Given how sloppy the overall security situation clearly was and continues to be, I’m guessing no one really understands how AWS security works except for Andre anyway.

[anon84873628]

I appreciate these viewpoints. I still think Arko would have been better off communicating quickly and proactively to Haught any changes he made or security issues he discovered, despite however confused or contradictory Haught had been. As you say, RC is the "boss" in this relationship (they unambiguously own the AWS infrastructure and sign the consulting checks). So that is your duty as the professional in the room. And it would have at least protected his image when we now get to this point.

Of course hindsight is 20/20. The whole debacle is a shame.