On the afternoon of July 4, 2018, as most Americans were deep into barbeques and other holiday festivities, an engineer at the social media application firm Timehop got wind of a network intrusion in its cloud computing environment that would ultimately result in the breach of personal data belonging to 21 million of its users.
The intrusion actually started months earlier, when a hacker exploited a Timehop administrator account that was not protected with multi-factor authentication, as it should have been. The hacker created a new administrator account and periodically used it to conduct reconnaissance on the site before launching the July 4 attack.
Timehop, to its credit, details the incident in a blog post, which highlights a simple fact that any user of cloud services needs to consider: use of cloud services does not absolve end users from security responsibilities.
Cloud Security Sows Confusion
Cloud security has been an issue for customers since the inception of cloud services, and it is still the subject of some confusion. Consider results from the 2018 Enterprise Cloud Index survey of 2300 IT decision makers around the globe, conducted for Nutanix by VansonBourne.