Google cloud error wipes out $135 billion in accounts
Implications and countermeasures of a Google cloud configuration error
Recently Google Cloud accidentally deleted the account of the UniSuper pension fund, which manages $135 billion, due to human error. UniSuper had to restore the data with external backups. Google has improved security systems to prevent future incidents.
Recently, Google Cloud faced a serious incident involving the UniSuper pension fund. Due to a combination of unfortunate circumstances and human error, UniSuper's account, which managed the data of more than 600,000 people totaling $135 billion in assets, was canceled without warning. Although Google's cloud division has a strong focus on artificial intelligence, this problem was caused by simple human error. The situation forced UniSuper to resort to emergency backups offered by external services to restore the account and caused an interruption of operations for approximately two weeks, from 2 to 15 May. Google later released a detailed report on the incident, explaining the actions it has taken to prevent similar events in the future.
The origin of the error and the automatic deletion
The incident originated from an initial misconfiguration of the cloud environment of the UniSuper account. During this process, someone omitted a crucial parameter, leaving it blank. This small mistake triggered an account auto-deletion timer, which expired on May 2nd. Due to the nature of the internal tool used for configuration, no notification or warning was generated, and UniSuper's account was deleted without any prior warning. This event caused numerous difficulties for UniSuper, forced to restore data using external backups, as stated by the organization itself, while Google ensured that their internal backups were intact and essential for account recovery.
Future corrective and preventive measures
After the incident, Google took significant steps to prevent a similar incident from happening again. The company eliminated the internal tool responsible for the error and moved all critical operations to an interface that can be managed directly by customers. Google also undertook a thorough review of all accounts on the platform to ensure there were no active self-deletion timers. Additionally, the company has introduced additional security measures, such as soft deletion, multiple prior notifications, and confirmation prompts from human staff, to strengthen the reliability of their cloud system and prevent dangerous inadvertent deletions.
Google reassures that the incident is isolated
Google wanted to reassure its customers that the incident was an isolated case. The company stressed that there are no other scenarios that could so drastically compromise accounts on their cloud platform. Additional protections implemented include soft deletion mechanisms, multiple preemptive notifications, and manual confirmation prompts. With these changes, Google is committed to ensuring maximum security and reliability for its customers, while minimizing the risk of similar errors in the future. The incident highlighted the importance of careful initial setup and constant monitoring of security procedures, a valuable lesson not only for Google, but for all companies that handle large amounts of sensitive data.
Follow us on Twitter for more pills like this06/01/2024 10:51
Marco Verro