This article is more than 1 year old

Vengeful sacked IT bod destroyed ex-employer's AWS cloud accounts. Now he'll spent rest of 2019 in the clink

Bloke hit delete on £500,000 of 'business-critical data' after he was let go for 'poor' performance

An irate sacked techie who rampaged through his former employer's AWS accounts with a purloined login, nuking 23 servers and triggering a wave of redundancies, has been jailed.

Steffan Needham spent four weeks working for software biz Voova before he was let go for "below-par performance". The "embittered" IT consultant, of Atherton, near Wigan, England, got hold of a former colleague's AWS login and destroyed what police and prosecutors claimed was £500,000 worth of business-critical data.

As a result Voova lost a significant number of clients and even had to make redundancies as a result, Thames Valley Police claimed.

Thirty-six-year-old Needham was sentenced to two years in prison by Her Honour Judge Sarah Campbell sitting at Reading Crown Court at the beginning of this month. The jury found him guilty of two charges under sections 1 and 3 of the UK's Computer Misuse Act.

In January the court heard how Needham's May 2016 rampage hinged on his having acquired the login credentials of fellow Voova worker Andy "Speedy" Gonzalez and set about shutting down the firm's Amazon Web Services instances, according to court reports from the Daily Mail and Daily Mirror.

As a result of Needham's vandalism, Voova lost several big contracts with transport companies, including, Voova chief exec Mark Bond told the court.

Prosecuting barrister Richard Moss told the jury: "What has occurred is user Steffan Needham accesses Amazon Web Services for Voova, changed Mr Gonzalez password and secured his user login 'Speedy'. He has then terminated servers, checked the settings and logged out. They were done by the defendant, who used the Speedy login covering up that it was he deleting the servers."

Moss conceded that Voova did not implement multi-factor authentication. Reg readers will be aware that MFA could potentially have prevented the attacks altogether, had Needham been unable to log in. Needham's identity was traced through his IP address, with Moss telling the court that the IP address used to log in to Gonzalez's AWS account had been traced to a company called Metronet, which bought M247, a British connectivity 'n' cloud reseller, in 2016.

"One of their customers is Valtech, and the defendant was employed by Valtech in Manchester and was dismissed... at the time of the attack," Moss said.

Under current sentencing laws, Needham will spend no more than 12 months of his two-year sentence behind bars. ®

More about

More about

More about


Send us news

Other stories you might like