Skip to main content

An IT Guy Gets Fired And Promptly Torches 23 Amazon Web Servers

By March 30, 2019No Comments


(This post originally appeared on Inc)

Thinking of terminating that under-performing or problematic employee? If you do, just make sure protect yourself…and your data.

That was a hard lesson learned by the management at Voova, a marketing and software company based in the UK.  Back in 2016, Voova terminated an IT staffer…and paid a big price.

The employee – 36-year-old Steffan Needhan – was let go due to “poor performance” after only four weeks on the job.  But the reasons why he was let go isn’t important. The aftermath is. That’s because the company left themselves – and their data exposed. Needhan – remember that he’s an IT guy  – was still able to access the company’s systems soon after being terminated because he stole a fellow employee’s login credentials. The fellow employee was nicknamed “Speedy” Gonzalez.  I only include that part because it’s kind of funny.

But nothing else about this story is. After gaining entry to Voova’s network, Needham wreaked havoc, “torching” the Amazon Web Services computers which hosted the company’s main business applications and data.

According to a report in Naked Security, Needham “got busy” by fiddling with account settings and then deleting each of the company’s AWS servers.  As a result, the company lost “big contracts with transport companies” to the tune of £500,000 (about $700,000 at the time). Unfortunately, the company was unable to recover the deleted data.

Needham was ultimately tracked down, arrested and finally found guilty of the crime this past month. He’s now serving two years in jail. I’m sure the company would rather have the data (and their customers) back.

Could Voova have avoided this crisis? Yes and the answer was simple: a 2FA (two-factor authentication) system. By implementing this system, when Needham logged into the system a text message would’ve been sent to “Speedy’s” smartphone also asking for permission to login and we’ll assume that Speedy would’ve alerted management of the intrusion.  That didn’t happen.

For business owners of all size, whether you’ve got your data in-house or using a third party to host it, the lesson is clear.

Have a plan for when employees leave, of course. But also make sure your systems are locked down with 2FA security now. Most application and hosting providers provide this option. To me, it’s not an option. That’s because doing so will not only protect your business for if an employee leaves, but it will also provide a very necessary additional layer of security for everyone else

Skip to content