AI DevwWrld Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Google cloud error wipes out $135 billion in accounts

Implications and countermeasures of a Google cloud configuration error

Recently Google Cloud accidentally deleted the account of the UniSuper pension fund, which manages $135 billion, due to human error. UniSuper had to restore the data with external backups. Google has improved security systems to prevent future incidents.

This pill is also available in Italian language

Recently, Google Cloud faced a serious incident involving the UniSuper pension fund. Due to a combination of unfortunate circumstances and human error, UniSuper's account, which managed the data of more than 600,000 people totaling $135 billion in assets, was canceled without warning. Although Google's cloud division has a strong focus on artificial intelligence, this problem was caused by simple human error. The situation forced UniSuper to resort to emergency backups offered by external services to restore the account and caused an interruption of operations for approximately two weeks, from 2 to 15 May. Google later released a detailed report on the incident, explaining the actions it has taken to prevent similar events in the future.

The origin of the error and the automatic deletion

The incident originated from an initial misconfiguration of the cloud environment of the UniSuper account. During this process, someone omitted a crucial parameter, leaving it blank. This small mistake triggered an account auto-deletion timer, which expired on May 2nd. Due to the nature of the internal tool used for configuration, no notification or warning was generated, and UniSuper's account was deleted without any prior warning. This event caused numerous difficulties for UniSuper, forced to restore data using external backups, as stated by the organization itself, while Google ensured that their internal backups were intact and essential for account recovery.

Future corrective and preventive measures

After the incident, Google took significant steps to prevent a similar incident from happening again. The company eliminated the internal tool responsible for the error and moved all critical operations to an interface that can be managed directly by customers. Google also undertook a thorough review of all accounts on the platform to ensure there were no active self-deletion timers. Additionally, the company has introduced additional security measures, such as soft deletion, multiple prior notifications, and confirmation prompts from human staff, to strengthen the reliability of their cloud system and prevent dangerous inadvertent deletions.

Google reassures that the incident is isolated

Google wanted to reassure its customers that the incident was an isolated case. The company stressed that there are no other scenarios that could so drastically compromise accounts on their cloud platform. Additional protections implemented include soft deletion mechanisms, multiple preemptive notifications, and manual confirmation prompts. With these changes, Google is committed to ensuring maximum security and reliability for its customers, while minimizing the risk of similar errors in the future. The incident highlighted the importance of careful initial setup and constant monitoring of security procedures, a valuable lesson not only for Google, but for all companies that handle large amounts of sensitive data.

Follow us on Threads for more pills like this

06/01/2024 10:51

Editorial AI

Last pills

Data breach: 560 million users involvedHow to protect yourself from the consequences of a major data breach

Ransomware attack on Synnovis: London health services in crisisSevere disruption to pathology and diagnostic services in London

A new LPE exploit for Windows for sale in the undergroundA new local privilege escalation threat for Windows in the underground forums

Critical failure in Check Point VPN solutions: risks and security measuresExposure of enterprise systems: urgent updates and patches to protect networks