Inside the Massive SaaS Data Deletion: How a Core Engineer Wiped Out Millions

On February 24, Weimeng (微盟) announced that its business system database, including primary and standby copies, had been deleted by a company operations staff member, with service restoration expected to take 24–48 hours.

According to the announcement, around 19:00 on February 23 the SaaS service experienced a failure, triggering system alerts. Investigation revealed that the production environment and data were deliberately destroyed by a core operations employee from the R&D Center.

The employee was reported to the Shanghai Baoshan Police and has been criminally detained.

Weimeng began emergency repairs; by the morning of February 25 the SaaS production environment and data were being restored, with new‑user services expected to resume by that night and full data recovery for existing users targeted for February 28.

The company is formulating compensation plans for merchants affected by the incident.

Tencent Cloud’s technical team coordinated with Weimeng, working around the clock to assist in the recovery and minimize losses.

Weimeng, founded in 2013, provides cloud‑based commercial and marketing solutions to small and medium enterprises, with over 3,200 employees, more than 1,600 channel agents, and over 3 million registered merchants.

SaaS revenue accounts for roughly half of the company’s profit; in 2018 SaaS contributed RMB 3.47 billion (40.1% of total revenue) with a gross profit of RMB 2.94 billion (57% of total gross profit). The outage therefore poses a severe financial risk.

The article questions who should be held responsible, noting that initial statements blamed a physical fault in Tencent Cloud’s data center, but the prolonged three‑day downtime raised doubts.

Industry speculation suggests that all merchant data may have been lost, and the employee reportedly accessed the internal network via a personal VPN to carry out the sabotage.

Operational lessons highlighted include the need for stricter permission management and more reliable backup mechanisms, as both primary and standby databases were vulnerable to deletion.

Weimeng’s official announcement (image) confirmed the criminal detention of the suspect, He 某.

The incident caused Weimeng’s stock to drop, wiping out over HK$12 billion in market value on February 24, before recovering after the announcement.

Consequences for the responsible engineer could include criminal penalties and lasting damage to their career.

Implement tighter permission controls for operations staff.

Establish robust backup solutions that protect both primary and standby data.