[zagi]

Hi, Ben from DigitalOcean here - just to give you guys an update. This method will no longer work on a newly created droplet.

We've now default scrub_data to ON for both web interface and API as we look at making this process permanent. Additionally, we've re-engineered the way we're provisioning disks and access to previously written data is no longer possible.

We've taken all steps in favor of security currently and will build a permanent solution that favors security and caution moving forward.

[flexd]

I am a bit surprised I have heard absolutely nothing about this via. email (I'm a customer). From what I remember of the last security incident I did not get an email until way after it had become publicly known.

You guys really need to become better at communicating with your customers when I can look at the front page of HN one day and see some issue with your services, DO people commenting and no mail in my inbox.

The priority should be to alert customers there is a problem, and most importantly to fix the problem.

And sending a mail a week or a few days later is really not okay, a rapid response on your end to notify us is needed if we are going to be able to quickly take necessary precautions.

[colechristensen]

The update is appreciated, I'm glad I switched to DigitalOcean for my personal projects.

Like I've said before, I care very much less about the existence of problems than I care about the timely and appropriate response to them.

A question: is the lapse here going to trigger any bigger-picture analysis of your security practices?

[bsaul]

Fantastic ! That's how you build trust. Congrats.