this post was submitted on 27 Aug 2025
783 points (97.6% liked)

Technology

74545 readers
3722 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
783
The entire US Social Security database was uploaded on a random cloud server, Whistle-Blower Says (www.nytimes.com)
submitted 1 day ago* (last edited 1 day ago) by Davriellelouna@lemmy.world to c/technology@lemmy.world
80 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] fmstrat@lemmy.nowsci.com 56 points 1 day ago (3 children)

OP, please revise your title to match the article, it is currently misinformation.

The complaint is about where the oversight comes from. This is not some random cloud server.

“S.S.A. stores all personal data in secure environments that have robust safeguards in place to protect vital information,” he said. “The data referenced in the complaint is stored in a longstanding environment used by S.S.A. and walled off from the internet. High-level career S.S.A. officials have administrative access to this system with oversight by S.S.A.’s information security team.”

[–] a_wild_mimic_appears@lemmy.dbzer0.com 2 points 7 hours ago (1 children)

Don't you think after 5 months without oversight who exactly has access to that server that the difference between this and a random s3 bucket is nearly nil? But you are right, in the light of integrity the title should reflect the facts as they present themselves currently.

[–] fmstrat@lemmy.nowsci.com 1 points 6 hours ago

I do, yes, it's blazingly stupid and others have been jailed for less.

But I've noticed a number of misleading post titles recently, like the just today there was obe about a cyclist getting hit by a car when it was actually the cyclist turning into traffic. Tragic, but the title misleads. So I've started pointing them out.

Maybe I just long for the days when titles aren't rewritten to drive opinion and engagement (regardless of if I agree or disagree).

[–] jacksilver@lemmy.world 13 points 1 day ago (2 children)

I agree that "random server" is a bad choice of words, but do want to add additional information context as the concern isn't necessarily unwarranted. Another qoute from the article:

“I have determined the business need is higher than the security risk associated with this implementation and I accept all risks,” wrote Aram Moghaddassi, who worked at two of Mr. Musk’s companies, X and Neuralink, before becoming Social Security’s chief information officer, in a July 15 memo.

Its also sounds like they did spin up a new database with limited security/oversight to "move" faster. Why that's worrisome is they aren't denying there is a risk or lack of security, they are just saying it's justified.

[–] nieceandtows@programming.dev 4 points 20 hours ago (1 children)

Could you please explain like I'm 10?

[–] jacksilver@lemmy.world 5 points 17 hours ago (1 children)

The SSA stores a lot of sensitive data. Normally with sensitive data you want to be very careful with who can access it and how.

What is potentially worrisome in this situation is it seems like the SSA is taking on the "move fast and break things" attitude of Silicon Valley.

More technically, most government agencies use AWS and Azure (cloud providers) to host data. So spinning up a new server isn't inherently bad. However, creating a new server that is secure and has the correct access controls (user permissions regarding who can see/change content) can be challenging. The whistle blower believes they are not doing this right, and it sounds like the head of the SSA isn't disagreeing, just saying he thinks the risk is worth it.

[–] nieceandtows@programming.dev 4 points 9 hours ago

That makes sense, thanks for the explanation

[–] fmstrat@lemmy.nowsci.com 3 points 1 day ago

Oh yea, agree it's a dumb move. This should be on-prem data IMO.

[–] lemjukes@sopuli.xyz 12 points 1 day ago

BUT WONT SOMEONE THINK OF THE SENSATIONALISM?