Fedex bought a company that stored 119,000 pieces of scanned customer IDs in a public Amazon cloud server, shut the company down, left the scans online for anyone to download


Originally published at:


It would make you cry to know how often I’ve heard that one.

Techie: “Our customer data has been available online since 2002!”
Suit: “Did anyone download it?”
Techie: “It is literally and absolutely impossible for us to know.”
Suit: “Thank god for that! That means we’re A-OK!”


Corporate confidence is at an all time high.


Oh, the cyber-apocalyopse is going to be fun. It’ll be akin to the end of Fight Club, I hope. Maybe throw in a little High Rise. I’m totes down.


Fedex says this is OK because if someone stole this data, they did so without leaving a trail that Fedex can find.

What is this “trail,” anyway? There’s always a trail in the movies, or “fingerprints.” If I was in the business of downloading fullz, I don’t think I would drop an Ace of Spades at the crime scene, just to taunt the police.


Why would anyone ever give a scan of their personal ID to a non-governmental agency? Is it a “best practice”?


Something I keep trying to drill into people at work is when you spin up a server it still requires care and feeding.

I have mostly failed at this.



This topic was automatically closed after 5 days. New replies are no longer allowed.