Code Spaces, a vendor that claimed to provide secure Source Code hosting and project management support, has just been forced to admit to their customers that they’ve been sabotaged by a cyber extortionist, and they probably cannot fully recover. They put all their hopes, and all their customers’ data, into a single cloud, and it burst.
While not an especially large service provider, the remains of their site on the Wayback machine mentions a number of blue chip clients. I have to wonder how many Code Spaces customers didn’t bother to keep a copy of their code somewhere else.
At the time of this writing, Code Spaces has an explanation, with the unhappy news As such at this point in time we have no alternative but to cease trading and concentrate on supporting our affected customers in exporting any remaining data they have left with us.
Business failure and client data loss are always unhappy events. It is particularly distressing when it happens to a cloud-based service that advertises “redundant, high specification servers with guaranteed uptime and availability.” Guarantees are empty paper when the data is permanently gone because the vendor failed to adequately protect it from hackers, and failed to adequately back it up. And if a vendor is no longer financially viable, service levels and contracts become moot.
As I stress in my latest research note, Everything You Know About SaaS Security is Wrong, the users of cloud services need to take responsibility for the care and feeding of their own data.