After realizing that my servers were offline since the 25th of January 2025, I've been in contact with Oracle support in a multitude of ways trying to figure out why this happened and how we can recover both the account and data.
I wasn't told that my account was disabled. I didn't receive an E-Mail or anything. When logging in, I was simply told that my username or password was incorrect. After (successfully) resetting my password twice, I realized it wasn't about the password. Oracle had just deleted my account without any notice.
Both through calls and text, always with the same service request (SR) number, I contacted support. Initially, support told me that my account was flagged “Inactive” and hence disabled. They also verified that they saw me login almost daily and that I never missed a payment or anything. Even if an account was inactive, that's never a reason to disable it, especially without any warning E-Mail or an E-Mail letting me know that my account was disabled in the first place.
This chat was the result of all of that, where the highest team I've yet been elevated to told me that there's nothing they can do about it, there's no reason they can tell me for why this happened, and there's no one else I could ask.
I also love how I ask “Is there anything I can do to avoid this happening in the future?” and they respond with “Oh, don't worry. You don't have a future at Oracle. This will not happen to you again, as we don't allow for you to make another account.”
Don't worry: I have backups of all of this. It's just kafkaesque what is happening here.
Interestingly, two days before Oracle deleted my account and all servers associated with it, I publicly criticized Oracle's CEO in a viral post for promising dystopian AI surveillance technology to his investors.
https://mastodon.de/@ErikUden/113879369270806353
What a weird coincidence.
Moving these servers, despite having no long term impact like data loss, will have some financial impact. Don't feel forced to, your vocal support about this issue was more than enough to turn my evening from a bad to a wonderful one, however if you have the financial resources I'd be happy about a little support:
https://mastodon.de/@ErikUden/113931409953809719
Where will this money go to ;)?
This morning, on February 2nd 2025 at 06:58 (GMT+1) I've received an E-Mail by Oracle stating “Your Oracle Cloud account has been reactivated.”
I couldn't believe my eyes and didn't really understand how to respond. At the point in time where I received this E-mail, my post regarding Oracle's mistreatment has already gathered thousands of shares and was also discussed heavily on Hacker News among other platforms.
My many pleas and requests from the past week didn't do anything. My GDPR request didn't do anything so far. But within a few hours of public complaints and so many people telling me to take this to court... I guess this was simply the easiest way.
I still don't fully understand the E-Mail I've gotten. It talks about an order about universal credits that occurred at 5:20 AM, where I've been cold asleep. When I login to Oracle Cloud, no such credits exist. Additionally, they don't show up when I look into the “Cost and Usage Reports” under my account management. Even more interesting are the dozens of files showing an account and server activity, with the calculated cost of it all, for a time period where my account was supposedly irreversibly deleted.
I'll share more interesting findings soon. I am honestly just shocked about this development. I would've expected many things except for a 180.
I wish my main and inspiring takeaway here would be that we can fight them and win.
However, I was in no control here. The fact this resonated with a lot of people causing an internet wide uproar was nice, but Oracle's legal team could've decided to not care.
Are they taking the wind out of our sails by reinstating my account? Is this their way of admitting and undoing an honest mistake? Would this have happened if I never complained publicly about it, or was my private GDPR request what did the magic here?
I cannot tell you. All I can say is that your account and all your data still exists on Oracle's servers even over a week after your account has been “irreversibly” wiped. Keep that in mind the next time support tells you there's nothing they can do.
“We cannot provide more details or reactivate your account.”
“There is no way to recover your account.”
“There is no team to which to escalate this.”
“Your Oracle Cloud account has been reactivated.”
I also dislike the passiveness in that statement. You reactivated it. Doesn't matter if it was an automated system or a human, you did that. It wasn't magically reactivated by some third party, it was you.
What I'm about to say is obviously just speculation, but if it was some terms of service I was violating, or their system goofing up and believing I was a free tier account and hence them stopping everything as they needed to make space for a paid service, wouldn't my server shut down first and my account be deleted second?
If there was some problematic material found to be stored on my server, or if I was illegally running a mail-server, TOR exit node, crypto miner, illegal streaming site, or something else that was violating the TOS, wouldn't the server be the first thing they irreversibly nuke?
The server was apparently constantly running, even when my account was terminated. Its IP address and any public access (ingress, egress rules) were removed or blocked.
The current uptime is 17 days. This makes everything all the more confusing...
@ErikUden If you've got anything there can you just download it and take your custom elsewhere? That was very shabby treatment.
@davep I will of course do that.
@ErikUden How incredibly bizarre
@ErikUden Wirst du bei denen bleiben oder ziehst du nach dem Vorfall woanders hin um?
@geco_de Ich ziehe selbstverständlich ganz weit woanders hin.
@ErikUden I’d still move off them as quickly as possible
@mirabilos Yes. Of course. I never expected to see this data back.
@ErikUden wow what a turn of events! I wonder if, as an authorized account owner, support can now provide more information about what happened.
@eljojo I don't dare to talk to anyone. I'm currently hastily downloading everything there is just to be sure I got it. Afterwards I'll play around with it some more.
@ErikUden@mastodon.de I was in a simillar situation a few months back, fortunately I was just leeching off their free plan for a fast VPN so I didn't lose any data that was important
@ErikUden ...or your data is "deleted" when you quit using their services.
THIS. EVERYONE NEEDS TO THINK ABOUT THIS PART RIGHT HERE.
@violetmadder @grootinside @ErikUden in such cases, keeping data for a short time would be advised.
@gileri @grootinside @ErikUden
Sure. But then why did they keep saying the data was gone and unrecoverable?
@violetmadder @grootinside @ErikUden because at the time of writing they were banned, the cloud service has no obligation of service, or data export.
I agree that's really bad, but it make sense. About GDPR obligations I have no idea how that work with regard to soon-to-be-deleted data.
@gileri @grootinside @ErikUden
The main point here is that these companies are FULL OF SHIT.
There's a world of difference between "your account can't be recovered" and, "your account WON'T be recovered". They'll never say the 2nd one in a million years, because they're busy pretending crap like this is the act of some ineffable and unassailable god, which should be warning to everyone because that's how the company actually thinks of itself, which tells us what they think of their customers-- scuse me, their hapless subjects.
These dark patterns are red flags that should NOT be normalized. No company should be allowed to feel like they can get away with this behavior, and any that tries should not be allowed to stay in possession of wealth or power.
@ErikUden hopefully you’re still going to look for a solution that’s not Oracle Erik?
@ErikUden Welcome to the era of bullshit.
Companies whose products I refuse to use: Adobe
Cisco
Google
Microsoft
Oracle
@chessert @ErikUden me too and even Apple and Google are not more my choices for mobile working … I switch back to SaulfishOS and Linux … but Oracle messed up for me as they bought Sun Microsystems and started to bully the community behind MySQL and Libre Office … from that point on Oracle disqualified completely for me
@ErikUden I suffered exactly the same thing with Hetzner. They simply deleted Ursal.zone account. Thankfully we had backups. But they never said why, never sent a warning mail and never gave my data back.
@DanielaAbade I remember! Why is there just no good alternative...
@ErikUden the only alternative is to take down capitalism.
I would say selfhosting in your own environment is the only true alternative preventing you from this
@DanielaAbade @ErikUden damn, and I was thinking of getting an account with them...
@kudra @ErikUden We left, there was nothing to do. How could I sue the guys from Brazil? @cadusilva who is the sysadmin (I'm not a tech person) transfered to some other company called Host something. But we do back-ups every couple of hours, because we can't trust any company anymore.
@DanielaAbade @kudra @ErikUden yes, currently we're hosted at Hostinger in São Paulo.
But soon we'll be at some European country with Netcup due to cost savings.
@DanielaAbade @ErikUden where'd you end up, instead? if this is how Hetzner operates, I should look into switching providers
@eigen I manage the Ursal.zone server and currently we're at Hostinger, soon-to-be with Netcup.
I'd avoid Hetzner, specially if your content is at least somehow left-leaning.
After Hertzner SNAFU with Ursal, I deleted my personal account with them and started to suggest people to stay away.
@cadusilva @DanielaAbade @ErikUden is Hostinger an acceptable alternative to hetzner? or are you specifically moving away from them as well, to Netcup? (I also have the additional complication of being US-Based [hetzner now has 1 or 2 datacenters Stateside {though who knows for how long, at this point, under this administration }])
@eigen Hostinger works just fine but here and there they go offline without warning to perform "maintenance" during business hours.
Other than that, nothing to complain about. We're only leaving due to cost-cutting as our first year promo is about to end and will become very expensive in our local currency (BRL).
@ErikUden take a look at dmesg, VMs can be paused/resumed. if you couldn't ssh into it, it was presumably not running?
@eljojo I couldn't SSH into it, but because the connection failed. dmesg reports normal behavior for the past days.
@ErikUden hmm that’s interesting. best luck with data recovery and research!
@ErikUden They just try, thinking, there will be no reaction. If the reaction is dangerous for them (reputation), they step back. But obviously, no one would reasonably go back to them – as next time you say something negative about the boss, that can/will happen again.
@ErikUden lawyer up. EFF should really look into this. and you’re in Germany. this trips more than a few EU laws.
If it was shut out due to some security trigger, everything you've described would match.
- the server would not be shut down but isolated for investigation
- your account would be shut off as compromised, since you don't have a named account manager (= you're not big enough to care about)
- customer support would not be able to tell you anything
@ErikUden
@osma Okay, thank you for these insights. Then my best explanation of what happened is this!
@ErikUden
You want to know what I think it might be? People were probably communicating around you with some details that someone wanted gone. You weren't considered valuable enough as a customer to keep over them, and they follow money. Companies often "feel" they owe nothing, but just not to upset their main customer base. But they'd never admit it.
@ErikUden
I don't know what the server's for, but I'd ask what the last person who used it posted or what it mainly contains as to a clue. But I won't ask that. It's rude, even if curious, and a security risk. Just some thoughts.
@ErikUden Probably they was attacked and don't want tell it, maybe all accounts was deleted and they put it back with backup ?
Such companies which don't tell the truth don't receive my money.
Kannst du die DSGVO nicht irgendwie als Schwert verwenden?