Federal prosecutors say that two companies hosting Megaupload's servers in the U.S. could begin deleting all user content on them as early as Thursday.
But one of the companies today denied it had access to any data on Megaupload's servers and said it has no mechanism for returning data to Megaupload's users.
The operators of Megaupload have been charged with operating a massive online piracy operation that netted them close to $175 million in revenues and caused more than $500 million in damages to legitimate copyright holders.
Megaupload.com, which was among the top 100 Internet sites when it was busted earlier this month by federal authorities, is alleged to have been used to illegally store and share movies, television programs, music and other copyrighted content.
The company itself has claimed that its site was used by millions of people to also store legitimate data including work-related documents, family photos and other personal information.
A court document filed by the U.S. Attorney's Office for the Eastern District of Virginia on Friday noted that U.S. law enforcement has completed its search of Megaupload's servers and copied all relevant data from them.
The servers are no longer in the custody of law enforcement and have been released back to Carpathia Hosting and Cogent Communications, the two U.S. companies Megaupload leased its servers from.
The servers were never removed from the premises of these two companies and are currently under the control of Cogent and Carpathia, the document said. "Now that the United States has completed execution of its search warrants, the United States has no continuing right to access the Mega Servers."
Those seeking access to the data contained in those servers should contact Cogent or Carpathia directly, prosecutors noted in the letter. "It is our understanding that the hosting companies may begin deleting the contents of the servers beginning as early as February 2, 2012," it added.
If the companies do so, tens of thousands of users who used Megaupload.com to store documents, photos and videos could lose the data forever.
Carpathia Hosting today however denied that it has, or ever had, any control over Megaupload's content.
"The reference to the Feb. 2, 2012 date in the Department of Justice letter for the deletion of content is not based on any information provided by Carpathia to the U.S. Government," the company said in a statement. "We would recommend that anyone who believes that they have content on MegaUpload servers contact MegaUpload. Please do not contact Carpathia Hosting."
Cogent did not respond immediately to a request for comment.
Gant Redmon, general counsel at Co3 Systems, a Cambridge, Mass.-based data loss management company, said that the Megaupload case raises interesting questions.
With no clear directions from any court, the fate of potentially legitimate data on Megauploads servers is uncertain, he said.
Prosecutors have indicated that they have returned custody of Megauploads servers to the hosting companies. However, with Megaupload shut down and its leadership arrested, it's unclear who the data will be turned over to, or even whether the hosting companies will want it, he said.
I am kind of stunned by the speed of this and the lack of a court order indicating what needs to be done, Redmon said. The incident once again highlights why people should be careful about who they partner with in the cloud.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.