Tag Archives: Backups

What if You Get Locked Out of Your Cloud Account?

Konstantin Gizdov has an interesting story to tell. He got locked out of his Microsoft Azure account. He doesn’t think it was hacked, it was a Microsoft software bug.

More importantly, his attempts to recover the account were incredibly frustrating. The frustration was, in part, caused by the fact that Microsoft didn’t think it was their problem.

The problem started when he got an email that his account had been renamed. All of his attempts to get Microsoft support to unlock the account were totally unsuccessful and the data in the account was important to him.

Part of his problem was that, as an IT person, he had secured his account very effectively and removed most of the back doors that would have let him back in.

He followed all of Microsoft’s procedures for recovering his account, but, for whatever reason, none of them worked. Microsoft said there are no bugs (really? What alternate reality do they live in?)

He did have an emergency account recovery code which should work except that, he said, there was s 30 day waiting period before he could use it.

But he lucked out. His story got a fair amount of coverage and Microsoft’s Identity VP saw it. HE apologized on Twitter, both for the bug and how Microsoft’s customer support handled it.

But this is a good lesson for everyone.

Even Microsoft says that you should use an out of network backup. WE have at least 4 generations of backups, including at least one that is locked up in a bank vault. You really can’t have too many backups.

As companies and individuals move more stuff to the cloud, this is becoming a potentially large issue.

While the world won’t stop turning if you lose all of your music or photos stored in the cloud, I suspect a lot of people will not be happy. Support on the consumer side is even worse than what this guy experienced.

On the business side, getting locked out of your business records or customer records could, potentially, put you out of business. And get you sued on top of it.

And cyber insurance companies are starting to get into the act telling businesses that they won’t get coverage if they don’t have the right air-gapped backups.

This would be a good time to review what you have, both for your business and personally, and make sure that you are okay with whatever losses you might have if something bad were to happen.

Credit: The Register and Security Week

Cops Lost 8 TB of Criminal Case Data

In what has to be called a really bad oopsy, the Dallas Police Department, during a data migration effort back in March, lost 22 TB of data. This includes data from at least one murder case.

The Dallas DA said that the city of Dallas (as opposed to the DA) discovered the problem on April 5th and the City’s IT department was able to recover about 14 TB out of the 22 TB lost. The remaining 8 TB, they think, are gone forever.

The DA claims that their office didn’t hear about the problem until August 6th (I am not sure how or why this is possible, given a lot of data was missing).

They disclosed the facts that they know on August 11th.

It is possible that some of the information may be reconstructable from other systems. From what I can tell, the DA and the Police use different systems, so it is possible that some data may be recovered that way.

Apparently, the DA does not know how many or which cases were affected (another impressive feat).

Jonathan Pitts, a murder suspect who was supposed to go on trial on Thursday has, instead, been released on bail. Assuming that the data that would incriminate him is permanently lost, he will likely go free. A true “get out of jail free” card.

The DA says that even though the police know about the loss immediately, they did not bother to tell the DA for four months and the Mayor said he was blindsided.

Credit: The Register and The Dallas DA

Ignoring for a moment that potentially a number (unknown) of criminal defendants may go free, there is an opportunity for a “learning moment” here. Every IT team should look at this and see what went wrong and learn from it.

Apparently, this data migration process was destructive. Why? Was it not possible to preserve the old system?

Apparently, the backups were faulty or not tested or the data just wasn’t backed up. Why?

Why did it take 4 months to notify the affected parties?

Why didn’t anyone tell the boss (the Mayor) at the time. This is not like someone’s laptop crashed. This qualifies as a BIG problem.

It is conceivable that the police, the city and/or the DA could be sanctioned by the courts by withholding pretty important information while they were trying to cover their rear ends.

Why don’t they know what data was deleted?

And I am sure a hundred more questions.

If you run an IT shop, this is a good opportunity to look at your processes – just to make sure that next time I am not writing about you. Although I am an equal opportunity fella, so beware.

Just sayin’

Adobe is Being Sued for Bug that Deleted User Files

This could be a very interesting lawsuit and we will watch it and see where it goes.

In 2017 Adobe released Premiere Pro Creative Cloud 2017 version 11.1.0 ,  Apparently, like a lot of software, this product was not bug free.

In fact, a feature called clean cache not only cleaned the cache of Premiere work files, but also cleaned the user’s original files, irretrievably.

The freelancer who filed the lawsuit and is seeking class action status lost over 100,000 video files which he says cost him bigly in his inability to license those videos after Premiere went wild.  He says that the lost files cost him a quarter million dollars to create.

Adobe acknowledged the bug and released version 11.1.1 which, Adobe said, will only delete files within the media cache. Files, they said, that sit next to it will no longer be affected.

Cooper (the freelancer) tried but failed to settle with Adobe.

The thing that is strange about this lawsuit is that most end user license agreements – the ones that almost no one reads – usually state that the vendor does not guarantee the software will work or that it will be free of bugs or that it is suitable for what you are planning to use it for.  Given that, why is Adobe responsible?

He is alleging that Adobe breached a duty of care and failed to disclose what was, at the time, an unknown bug.  They filed this lawsuit in California which has stronger consumer protection laws than many states do, but they are filing it in the U.S. District Court.  They are also saying that Adobe was unjustly enriched as a result of charging a fee for this buggy software.  Part of the suit is claiming negligence under California law.  They say that Adobe should have known that the software bug existed.

If the court holds that to be true then every software vendor that has a bug that impacts a user will be similarly at risk. I do think that a bug that deletes all of your data is more serious than, say, a bug where a particular feature does not work as advertised.

They are also claiming that Adobe has strict liability for a defective design and are claiming that deleting the files is a safety failure, similar to, for example, your iPad catching fire due to the battery overheating.

They are also making a number of other claims.

This suit was filed this month so we have not heard any response from Adobe, but I assume that they will claim, among other things, that the license agreement that every user agreed to even if they chose not to read it, says that we don’t guarantee the software will work.

I have several thoughts here.

First of all, if you sell or even give away open source software, you need to watch this trial (they have asked for a jury trial).  The outcome could impact your company.

You should also check your product liability insurance and make sure that it covers you in situations like this.

But in this case, unfortunately, I put 90% of the blame on the user.

IF YOU HAVE DATA THAT IS IMPORTANT TO YOU, YOU NEED TO HAVE BACKUPS.  I Can’t make it any clearer than that.

Who would he blame if his house was broken into and his computer stolen.  In both the current case and my hypothetical one, absent good backups, he would have lost his data.  Who’s fault would it be in my hypothetical case?

He said that the files cost him a quarter million dollars to create.  If you had a digital asset worth that kind of money, wouldn’t you periodically copy those files to a USB disk – or preferably two – and stick it in a bank vault.  I just bought a 4 terabyte disk for $80. 

Seems like cheap insurance to me.

Without regard to the outcome of this suit, which could be in the courts for years, users, both business and consumer, should know that their data is at risk in any number of ways and make appropriate backups.

When it comes to cloud backup systems like iCloud or OneDrive, those systems will back things up on a best efforts basis.  If those backups fail, you will be in the same boat as these guys.

Bottom line, based on the value to you, you need to create and maintain backups as appropriate to reconstruct your data.

Even if this guy wins, and it seems unlikely to me but who knows, in the end, he still doesn’t have his videos and pictures.

As they sang in the movie Hoodwinked, be prepared, be preparedThat is way less pain than losing your data.

Me, personally, I keep multiple copies of my data in a bank vault and each copy is split across multiple physical devices so that if any one device fails and that same device fails on multiple generations of the backup, I only lose a part of my data.  Bank vaults are controlled for temperature and humidity and are relatively speaking, pretty secure.  However, that is only ONE measure that I take. 

Depends on how important your data is to you.  Source: Motherboard.