Welcome to Al-gul

The Middle East and More

Reason to Fear the Cloud: Media Temple loses 4 years of emails

leave a comment »

So yesterday I had to set up a new laptop that I needed for the office. A simple task. I have a domain hosted by Media Temple which I use for various business accounts. For some reason, I couldn’t get Thunderbird to connect using the recommended settings. I called Media Temple and they suggested I use their IP address rather than an alias. That did the trick, a connection was made (an IMAP and SMTP accounts) and the emails started downloading.

Around 5 pm I shut the laptop down and disconnected it from the Internet. That evening, from time to time I checked emails. At 0000 AST (1100 PST) I went to sleep. At some point between 0000 and 0600 AST, someone deleted all the emails from my principal account. Four years worth. Plus all the attachments.

In the morning my iPhone registered that 50 emails had been downloaded to my account on Google’s gmail. This is very odd, I usually get 4 or 5 messages each day. The new messages had been pulled off of the Media Temple domain. Back in 2009 these accounts were linked, but when Google made it impossible to send emails using only the name of the non-Google domain I unlinked them.

I called Media Temple and they said that they had backups. Use of the backup would entail a one time charge of $5. I agreed to the charge. Six emails were restored. The rest, had been deleted. The reason, after all day with technical support, is because Media Temple runs an internal back once per week. They ran their backup at 1920 PST. When they did so, they erased the back up from the previous week. And since the attack occurred within five hours of backup, everything in the Inbox had been erased.

While Media Temple hosts cloud services, they claim not to be a cloud service themselves. Each account only gets a single backup which is erased once each week. There is no other copy. In this case, by the time I found out about the attack there was nothing I could do about it. Media Temple claims it would be too expensive to keep an additional backup and that it’s just “my bad luck.” Somehow I don’t think so. They then pointed me to the fine print in their terms of service which says they have no responsibility for data loss and that they do not guarantee or even offer routine backups without a specific order for one.

Perhaps I am technically naive, but it did not occur to me that using a service like Media Temple’s was not a cloud service. But I do not want to argue about terminology—the shocking thing is the lack of backups. Not only does Media Temple fail to follow industry best practices for backups, they don’t have any public policy about backup frequency at all. It took me all day to find out that backups are made once per week. It took me all day to find out that once each week all backups are erased unless you have ordered special services. I don’t know how effective those backups would be, given this experience.

And yes, I know that the default POP behavior is to download all of the emails. But these were (and are) IMAP accounts. Perhaps all of the emails were downloaded onto the new laptop? No, when the laptop was finally booted up midmorning the emails were no longer there. {Could they be in a temporary Internet file somewhere? I’m not familiar with Windows 7 internals—if you know please share this information.}

The reason why I am writing this is that you may think you are running a business prudently by putting data into a cloud where backups are handled by professionals. But if you have placed your data with Media Temple, it is at risk. If you are in the Eastern Hemisphere—as I am—you run an additional risk of not being able to find out about the existence of an attack until it has occurred and Media Temple has overwritten their sole backup. Kim Dotcom is right—it is not worth it to host Internet services in the United States.

If you’d like to give Media Temple your opinion, their email address for public relations is reportcard@mediatemple.net. In my view, they should either follow industry best practices or tell their customers explicitly that they do not do so.

You have been warned. Data hosted at at Media Temple is at risk.

Written by mokane

November 7, 2012 at 7:30 pm

Posted in Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: