I’m having a little trouble following since I don’t speak French, but based on other comments here, it sounds like:<p>1. French YouTuber Micode bought a used SSD from leboncoin.<p>2. Micode wanted to demonstrate that data should always be properly wiped from used drives.<p>3. The SSD Micode obtained had been quick-formatted and was never encrypted, so it was trivial to recover the data on it.<p>4. Micode asked his followers on Twitter to try to identify the source of the drive.<p>5. It was eventually identified as belonging to Scaleway, and it contained important data from a Scaleway customer’s VM, including an SSH key, source code, and an S3 secret.<p>6. Scaleway threatened Micode, who now claims to have wiped the data.<p>7. Scaleway published a blog post claiming the drive was stolen while being transported between datacenters.<p>Unless I’m missing something that was lost in translation, I call bullshit on #7. They also seem to be claiming customers were notified immediately, but it that doesn’t appear to be the case. This just seems like they sold an old drive that should’ve been encrypted (it wasn’t) and wiped (it wasn’t). Whether that sale was authorized is a matter of debate—one former employee said they wouldn’t be surprised if someone just decided to walk out of the building with decommissioned hardware.