Konstantin Gizdov has an interesting story to tell. He got locked out of his Microsoft Azure account. He doesn’t think it was hacked, it was a Microsoft software bug.
More importantly, his attempts to recover the account were incredibly frustrating. The frustration was, in part, caused by the fact that Microsoft didn’t think it was their problem.
The problem started when he got an email that his account had been renamed. All of his attempts to get Microsoft support to unlock the account were totally unsuccessful and the data in the account was important to him.
Part of his problem was that, as an IT person, he had secured his account very effectively and removed most of the back doors that would have let him back in.
He followed all of Microsoft’s procedures for recovering his account, but, for whatever reason, none of them worked. Microsoft said there are no bugs (really? What alternate reality do they live in?)
He did have an emergency account recovery code which should work except that, he said, there was s 30 day waiting period before he could use it.
But he lucked out. His story got a fair amount of coverage and Microsoft’s Identity VP saw it. HE apologized on Twitter, both for the bug and how Microsoft’s customer support handled it.
But this is a good lesson for everyone.
Even Microsoft says that you should use an out of network backup. WE have at least 4 generations of backups, including at least one that is locked up in a bank vault. You really can’t have too many backups.
As companies and individuals move more stuff to the cloud, this is becoming a potentially large issue.
While the world won’t stop turning if you lose all of your music or photos stored in the cloud, I suspect a lot of people will not be happy. Support on the consumer side is even worse than what this guy experienced.
On the business side, getting locked out of your business records or customer records could, potentially, put you out of business. And get you sued on top of it.
And cyber insurance companies are starting to get into the act telling businesses that they won’t get coverage if they don’t have the right air-gapped backups.
This would be a good time to review what you have, both for your business and personally, and make sure that you are okay with whatever losses you might have if something bad were to happen.