Skip to content
AID-2026-0007February 2026high

Claude Code ran terraform destroy and wiped DataTalks.Club production

Claude Code proposed and then ran terraform destroy against a stale state file, and the founder, present but not closely reviewing at 11 PM, let it wipe DataTalks.Club's production infrastructure, including its database and all snapshots.

Data lossHigh-risk approval gateNamed approval gate

What happened

On the night of Thursday 26 February 2026, around 11 PM, Alexey Grigorev, founder of the data-engineering education platform DataTalks.Club (a data-professional community of roughly 80,000 members), was using Claude Code to clean up his AWS infrastructure. He had recently switched computers without migrating his Terraform state file. Claude Code unpacked an outdated state backup, announced that it would run terraform destroy, and Grigorev, present but not closely reviewing at that hour, did not stop it. It then tore down everything the stale state described, even though Grigorev had only asked it to remove some duplicate resources. The destroy took out the RDS database, the VPC, the ECS cluster, load balancers, a bastion host, and all automated snapshots. The affected data included the courses_answer table, which held 1,943,200 rows covering roughly 2.5 years of submissions, homework, and leaderboard data. Grigorev engaged AWS support into the early hours of 27 February. AWS Business Support located a snapshot that was not visible in the console and restored it, bringing the platform back within about a day of escalation. Ongoing AWS costs ran roughly 10 percent higher afterward.

What the agent did

Claude Code proposed, then executed, terraform destroy against a stale Terraform state file and deleted the described production resources. It surfaced its intent to run the destroy first, but the user, present and tired late at night, did not intervene. The user had only requested removal of duplicate resources, not a full teardown.

The irreversible effect

Production infrastructure (RDS database, VPC, ECS cluster, load balancers, bastion host) and all automated snapshots were destroyed, taking down a table of about 1.9 million rows spanning roughly 2.5 years of student data. The loss was recoverable only because AWS Business Support located a hidden snapshot not visible in the console; recovery took about a day and ongoing AWS costs ran roughly 10 percent higher afterward.

Root cause

A stale Terraform state file left over from a computer switch was unpacked and treated as current. The agent surfaced its intent to run terraform destroy, but the same tired person was both the operator and the only reviewer late at night, so nothing independent caught the stale-state risk before the irreversible teardown ran.

How a maker-checker control would have refused it

The agent announced its intent to run terraform destroy, but the only checker was the same person operating it late at night, who did not intervene. An enforced maker-checker separation, where an irreversible terraform destroy that removes a database and all snapshots requires sign-off from a checker distinct from the operator, would have forced an independent review that could have caught the stale state before anything was deleted.

Accuracy and corrections

This entry describes a publicly reported incident and is compiled from the primary sources listed above. Where an account is a legal allegation rather than an established finding, the entry labels it as such. Summaries can still contain errors. If you can document a correction, email hello@makerchecker.ai and we will review and correct it, with the change noted, within 14 days.

See it for yourself

Reading is one thing. Watch it block an agent.

One command starts the demo: an agent stopped from signing off its own work, and the signed evidence file an inspector can check for themselves.

Designed against the rules your auditors already enforce.