FTFY
"I think that IBM already HAD (recently let go in resource actions) some amazing infosec people"
IBM left private keys to the Docker host environment in its Data Science Experience service inside freely available containers. This potentially granted the cloud service's users root access to the underlying container-hosting machines – and potentially to other machines in Big Blue's Spark computing cluster. Effectively, Big …
Um, sorry but how can they be sure it hasn't? If the only way to be sure is to re-image the servers, then it sounds like they won't really have any way to be sure.
Also; two weeks?!? Why wasn't shutting everything down immediately until the issue was corrected not an option? It's not like this environment is heavily used by... oh, I get it. Non-critical, maybe even a let-it-run-so-we-see-if-anyone-tries-something test. Okay, as long as no personal data is lost, I'm fine with that.
Two weeks is easily long enough for a miscreant to take complete control of IBM's systems.
However, it's possible that they changed the locks immediately, and only took the old keys out from under the flowerpot two weeks later.
Why is it so hard to learn not to leave the keys outside?