UPDATE: One Drive is down and has been for at least an hour. Slowly being brought back online.

[Donut417]

14 minutes ago, tim0901 said:

It is illegal in all 50 states,

There are no laws in the US that a company has to notify the general public. In fact a few years ago I was a student at EMU. We had day were speakers came in to talk. One of the ones I signed up for what about cyber security. Pretty much was told that companies are breached all the time and we never hear a damn thing. 

 

15 minutes ago, tim0901 said:

notify the relevant organisations

There is a difference between "Relevant organizations" and the general public. Most companies here in the US will notify the government of a breach, generally the FBI, but that doesnt mean the public will find out. A lot of times they want to see how sever the damage is before they make people panic. 

[Uttamattamakin]

36 minutes ago, Donut417 said:

There is a difference between "Relevant organizations" and the general public. Most companies here in the US will notify the government of a breach, generally the FBI, but that doesnt mean the public will find out. A lot of times they want to see how sever the damage is before they make people panic. 

The FBI has been known to observe the hack in progress and try to compromise the hackers.  They have been known to set up tor relays and analyze the traffic (I'd wager most tor relays belong to the major governments of the world, second major criminal organizations, major corporations, then third private people. 

47 minutes ago, tim0901 said:

They operate in the EU, therefore they are subject to GDPR. Just because they're an American company doesn't mean they can break the law.

 

Edit: Source

Good luck with extradition.  Good luck with getting MS out of Europe.  If the choice is be liable for massively destructive data compromise or pay a fine in the EU they'll pay the fine.   

[Mark Kaine]

1 hour ago, Uttamattamakin said:

Suppose they had to restore or revert data at  the scale of a whole data center.  That would not be a fast process.

so yeah i just logged in (on my phone because security lol) and its pretty much a white space with some error messages... its weird this seems worldwide too, cause im in europe,  you'd think they have more than one data center - even though if they really messed up an update... i mean who would do a critical update on all servers worldwide at the same time though...? Curious...

 

 

 

[Uttamattamakin]

10 minutes ago, Mark Kaine said:

so yeah i just logged in (on my phone because security lol) and its pretty much a white space with some error messages... its weird this seems worldwide too, cause im in europe,  you'd think they have more than one data center - even though if they really messed up an update... i mean who would do a critical update on all servers worldwide at the same time though...? Curious...

That is the kind of thing that makes this seem like a possible hack or cyber attack to my mind.  Especially given the report we have here

Meanwhile Microsoft says. 

 

Quote

Title: Users are unable to access OneDrive

User Impact: Affected users are unable to access OneDrive features and content.

Current Status: We've finished reverting the code change and we're continuing to perform the targeted restarts. While the restarts progress, some users may see signs of recovery.

Start Time: 01/11/2023 11:14 PM UTC

Next update: Thursday, January 12, 2023, at 6:30 AM UTC

Show more

 

[tim0901]

1 hour ago, Donut417 said:

There are no laws in the US that a company has to notify the general public. In fact a few years ago I was a student at EMU. We had day were speakers came in to talk. One of the ones I signed up for what about cyber security. Pretty much was told that companies are breached all the time and we never hear a damn thing. 

 

There is a difference between "Relevant organizations" and the general public. Most companies here in the US will notify the government of a breach, generally the FBI, but that doesnt mean the public will find out. A lot of times they want to see how sever the damage is before they make people panic. 

Yeah my bad - I saw they had to notify the relevant organisations and assumed users would be included (as they should) forgetting just how terrible your data protection laws are over there. Under GDPR both organisations and users must be told.

 

But either way, I think this is all pretty irrelevant as I really don't think they're connected, let alone evidence of a "wider data breach". If they were I would expect to see far more chatter about this online. Could be malware, could be social engineering, who knows. For many people their Google account is a single point of failure as password reset will allow hackers into basically anything - that would be my guess as to how they got into the Amazon account, but it's not like I know all the details.

 

I hate to be that guy, but just use 2FA y'all (and not the shitty type with your phone number, use TOTP via Google Authenticator or Authy or something like a Yubikey). And make sure to store the backup codes somewhere safe - preferrably NOT digitally, write them in a notebook or something. Chances are 2FA would have prevented all of this.

 

16 minutes ago, Mark Kaine said:

so yeah i just logged in (on my phone because security lol) and its pretty much a white space with some error messages... its weird this seems worldwide too, cause im in europe,  you'd think they have more than one data center - even though if they really messed up an update... i mean who would do a critical update on all servers worldwide at the same time though...? Curious...

Working just fine for me in the UK, has been for a good hour or so, although I can't say I ever noticed that it wasn't. Probably your nearest server just hasn't restarted yet. And I guess it's in the name - critical update. An hour or two of downtime while you reset things could be worth the risk depending on what they were patching.

[Uttamattamakin]

4 minutes ago, tim0901 said:

Working just fine for me in the UK, has been for a good hour or so. Probably your nearest server just hasn't restarted yet. And I guess it's in the name - critical update. An hour or two of downtime while you reset things could be worth the risk depending on what they were patching.

Thank Brexit. 

By the by would GDPR apply in the UK?  It came after Brexit ... right?  IJS.   

 

Our union is not so great at data privacy


but it is better at not breaking up. 

[tim0901]

13 minutes ago, Uttamattamakin said:

By the by would GDPR apply in the UK?  It came after Brexit ... right?  IJS.   

No, it came before. GDPR came into law in April 2016, while Brexit happened in January 2020. (I deal with GDPR every day - I know how it works).

 

And Brexit has nothing to do with it. Microsoft runs 10 datacentres in Europe, with 8 more currently under construction (Azure tells you this stuff as it lets you pick which datacentre you use). So it's nothing more than load-balancing - our data protection laws are so similar that keeping UK data separate is just an unnecessary (expensive) complication.

[wanderingfool2]

45 minutes ago, Uttamattamakin said:

That is the kind of thing that makes this seem like a possible hack or cyber attack to my mind.  Especially given the report we have here

There really isn't much to assume a hack or cyber attack; especially when the updates state a bad configuration and no one really has shown any evidence that it's been hacked.

 

With the PSA one you showed, that to me doesn't indicate an OneDrive issue.  If their Amazon and Google accounts were compromised it usually means password reuse/guessable password, the email account was compromised and they used that to get into the Amazon account, or something like malware on the phone which took the passwords.

 

The other one was getting the card information, which with Microsoft they are PCI DSS compliant and had a QSA audit.  At that point a compromise really shouldn't affect credit card information.

 

The last thing which makes it unreasonable to assume the above was because of a One Drive breach as of now is what kind of hackers would breach a system as large as one drive and try sending a $25 gift card to an email that doesn't exist.  The risk reward model is not there at all.  If you breach something like One Drive, you would likely be trying to either do a ransom or sell the information on the black market.

[Arika]

2 hours ago, Uttamattamakin said:

That said there is a reason UNCONFIRMED is in big letters. 

That might be what you originally typed, but your responses after the OP are you basically saying it IS a hack and MS are just lying to save face.

[BlueChinchillaEatingDorito]

Final update on the matter. Service has been restored.

[Spotty]

4 hours ago, Uttamattamakin said:

There are UNCONFIRMED reports that this may be a wider data breach. 

The post by @Mel0n. doesn't report that OneDrive suffered a data breach. It says "Edit: It appears oneDrive is down" which then links to this thread. He is only commenting on your post saying that OneDrive is currently down. He does not claim that his accounts were compromised as a result of a data breach at OneDrive. He doesn't even say that he uses OneDrive... That is not a report that there was a OneDrive data breach because Mel0n makes no such claim.

Since you say there are reports (plural), what are the other reports that there was a data breach? You've doubled down on this being a data breach in the replies and have since updated the thread title to emphasise the possibility of a data breach so I'm assuming you have additional reports and information that supports that this was in fact a data breach and not a configuration error as reported?

If there was a data breach then that is pretty significant news, however it's irresponsible to raise false alarms making baseless claims about services suffering major data breaches. You shouldn't make such potentially damaging claims unless you have good reason to believe they are true.

[LAwLz]

So OneDrive went down because of a configuration change by Microsoft.

Someone on this forum made a status update roughly around the same time that someone had tried to login to their Google and Amazona accounts.

OP decided that these two occurrences must be related and is now going around saying that Microsoft is probably involved in a conspiracy to cover up a data breach?

 

 

Seems a bit far fetched, no?

[mr moose]

Finding out your X accounts have been compromised at the same time one drive has a failure is just the law of averages at play,  correlation does not equal causation. 

 

I would be more surprised if anyone who had their X accounts compromised on any one day also didn't have a one drive account.   Because then you'd have to claim using one drive made you immune to fraud.

[Beerzerker]

7 hours ago, Caroline said:

*pats case* see I told you not to be jealous of those shitty corporate servers for normies.

 

This bad boy can fit so much local storage in it. Never using the "cloud" or streaming services as long as I live.

Exactly!

I don't have alot that needs to be stored anyway but still, even if I did I'll never use "The Cloud" myself.

[Mark Kaine]

45 minutes ago, Beerzerker said:

Exactly!

I don't have alot that needs to be stored anyway but still, even if I did I'll never use "The Cloud" myself.

i mean there are definitely use cases for it, i use it to share stuff with my friends sometimes, its not like they could download it from my computer, i just don't use it for sensitive or actually important stuff... and i like mega, they even have a pretty good media player that i wish would be standard, i much prefer it over yt for example (there's also *no* compression whatsoever,  the videos play exactly like you uploaded it (idk if it can do 120fps tho, that would be cool)

Streaming services could be youtube btw... sure it kinda sucks but everyone is using it anyway? 

Or Steam. Also "cloud" service.

 

Eh, also more on topic, i tried "one drive" its terrible, like other ms online services it just feels very convoluted, restrictive and weird... its almost comical if I think ms is one of the biggest cloud service providers... maybe they're good at non consumer facing stuff, because that "isnt it"... basically straight out of the 90s and not in a good way "this pane can not be used in your current view" -- "then why is it there??" lol  

[leadeater]

7 hours ago, Uttamattamakin said:

Good luck with extradition.  Good luck with getting MS out of Europe.  If the choice is be liable for massively destructive data compromise or pay a fine in the EU they'll pay the fine.   

 

7 hours ago, tim0901 said:

Yeah my bad - I saw they had to notify the relevant organisations and assumed users would be included (as they should) forgetting just how terrible your data protection laws are over there. Under GDPR both organisations and users must be told.

 

Your point is still valid. OneDrive is global so the requirement to disclose a data breach is still there, hence if anyone under the jurisdiction of GDPR is affected then Microsoft must disclose this. So it doesn't matter that in the US they can stay quiet or whatever, they can't do that in other places ergo everyone now knows.

[Mark Kaine]

12 minutes ago, leadeater said:

 

 

Your point is still valid. OneDrive is global so the requirement to disclose a data breach is still there, hence if anyone under the jurisdiction of GDPR is affected then Microsoft must disclose this. So it doesn't matter that in the US they can stay quiet or whatever, they can't do that in other places ergo everyone now knows.

yeah, but they have 70 hours, i believe someone said above?

 

i mean thats only fair,  they need some time to check and its better to wait a bit than false alarm imo too...

 

but this doesn't look like a breach... they just had a bad day i guess lol... is this service always so slow btw, it barely loads on my phone,  id never use it on my pc (that doesn't even have a microsoft store ¯\_(ツ)_/¯  oops!)

[leadeater]

4 minutes ago, Mark Kaine said:

but this doesn't look like a breach... they just had a bad day i guess lol... is this service always so slow btw, it barely loads on my phone,  id never use it on my pc (that doesn't even have a microsoft store ¯\_(ツ)_/¯  oops!)

Microsoft making a bad configuration and taking down one of the Office 365 services is not exactly rare lol.

 

My team provides the technical support and management of Office 365 and I configure the backups for it and those are continuous rolling backups so every problem of any kind shows up real well. OneDrive, Exchange Online, SharePoint Online, Teams etc having a service problem is not in the least bit rare. Extended hour or more ones less so common but honestly not in the least surprising.

 

An actual service level data breach of OneDrive far as I know has never happened. Data breaches from user/owner level configuration of security permissions yes, not the same thing at all though.

[jagdtigger]

Well it was just a matter of time after they started forcing ppl to use their crappy online accounts to login into their OS....... (they basically painted a gigantic bull's eye on their back)

[Doobeedoo]

So bad config just not shark chewing a sea cable ok.

[Mark Kaine]

34 minutes ago, jagdtigger said:

Well it was just a matter of time after they started forcing ppl to use their crappy online accounts to login into their OS....... (they basically painted a gigantic bull's eye on their back)

well of course, on the other hand nothing ever happened... one also has to differentiate between front facing "big dumb microsoft" and microsoft internally... they're pretty much on top of it in the security game

[Fasterthannothing]

This is the most misleading title I've ever seen on this form and that's saying something. There was no databreach and absolutely no one other than OP is suggesting such a thing. It was a flawed update that caused this.

[Uttamattamakin]

15 hours ago, Spotty said:

The post by @Mel0n. doesn't report that OneDrive suffered a data breach. It says "Edit: It appears oneDrive is down" which then links to this thread. He is only commenting on your post saying that OneDrive is currently down. He does not claim that his accounts were compromised as a result of a data breach at OneDrive. He doesn't even say that he uses OneDrive... That is not a report that there was a OneDrive data breach because Mel0n makes no such claim.

 

 FIRST and most importantly it does appear to have been what Microsoft says it was.  One of their own on the inside made a software update that just happened to nuke all of their OneDrive connected services.  Worldwide.  You know because that is a normal ordinary thing to do on a random wednesday in January.

As for my source on this possibly being a cyber attack.  There are the circumstances and the context. CONTEXT.  @Mel0n. made this post under my status update reagarding one drive. 

 

5 minutes ago, Fasterthannothing said:

This is the most misleading title I've ever seen on this form and that's saying something. There was no databreach and absolutely no one other than OP is suggesting such a thing. It was a flawed update that caused this.

I am the one that reported it was a flawed update.  I also reported what was reported to me after my initial status update.  See below.  

 

15 hours ago, Spotty said:

Since you say there are reports (plural), what are the other reports that there was a data breach? You've doubled down on this being a data breach in the replies and have since updated the thread title to emphasise the possibility of a data breach so I'm assuming you have additional reports and information that supports that this was in fact a data breach and not a configuration error as reported?

If there was a data breach then that is pretty significant news, however it's irresponsible to raise false alarms making baseless claims about services suffering major data breaches. You shouldn't make such potentially damaging claims unless you have good reason to believe they are true.

Given that it would be irresponsible to NOT sound an alarm of a possible cyber attack that is ongoing.   One does not wait to see the funnel cloud before taking shelter.  One takes shelter when the Tornado siren sounds.  Plus this is a key reminder do not rely on cloud storage alone as "backup".   I stand by the reporting given the circumstances and only with hindsight can it be judged negatively. 

 

Everyone is an infallible Godlike genius 24 hours or more after the event. 

@Arika S See above as to why in the midst of a possible emergency one should take precautions as if it was an emergency.  Changing passwords just in case cost nothing.  Loosing data can cost everything. 

Which brings me to this comment. 
 

 

8 hours ago, leadeater said:

Microsoft making a bad configuration and taking down one of the Office 365 services is not exactly rare lol.

 

My team provides the technical support and management of Office 365 and I configure the backups for it and those are continuous rolling backups so every problem of any kind shows up real well. OneDrive, Exchange Online, SharePoint Online, Teams etc having a service problem is not in the least bit rare. Extended hour or more ones less so common but honestly not in the least surprising.

 

An actual service level data breach of OneDrive far as I know has never happened. Data breaches from user/owner level configuration of security permissions yes, not the same thing at all though.

I've never noticed a outage of this magnitude.  I mean I get a certain file not being available here or there.  The whole service being down, all around the world.  Not just slow, not just out of sync just down, gone. I've used One Drive since 2012 or 2013 and never saw anything like this one. 

This is a great idea and I run a similar system using a program that allows Linux to access One Drive and Google drive, and sync everything to my NAS.  Then I also back that up periodically to a sata hard drive, spinning rust, that attaches to a hot swappable SATA bay.  That is what everyone should do.   This should be made simple and easy to do by One Drive itself.  Like there should be a 1 Click option that pops up and says "Connect an internal SSD and copy everything to your own media", or "designate a local computer on your network to keep a copy of everything where you can always get it".  (Like what Drop Box allows). 

NO MS wants us to rely on then, to be part of a walled ecosystem and risk loosing it all if they screw up even worse. 

All of the above said.  I really appreciate all of the comments.  I will take account of all of that and write with more nuance and more qualifications if I catch wind of a possible cyber attack that is ongoing.  It would be wise if all of us were on the look out at all times for this. 

 

One other thing I want to point out.  There were a lot of comments made early in the thread about how "stupid" someone would have to be to have their password breached.  Uhm.  People store all sorts of records On One drive.  Often have all their user folders synced there.  That would include business and financial documents with every bit of info needed to steal an identity, change passwords, open credit lines, and make purchases.  There are whole call centers, and office parks around the world full of people who hack and crack and scheme for a living.  That leaves out state funded actors.   This is a serious concern and one would hope people would not be so caviler about it. 

Edited January 12, 2023 by Uttamattamakin
One more thing, on comments about how "dumb" or whatever one would need to be to get hacked.

[Beerzerker]

With this and what happened with the FAA just yesterday as of this post, it can make you wonder - I sure did.

Both incidents are said to not be a hack.... And how often have we heard that statement, only for it to be revealed as being the actual truth later?
Way too often I'm afraid, so don't be suprised I'm kinda skeptical about it.

[leadeater]

22 minutes ago, Uttamattamakin said:

I've never noticed a outage of this magnitude.  I mean I get a certain file not being available here or there.  The whole service being down, all around the world.  Not just slow, not just out of sync just down, gone. I've used One Drive since 2012 or 2013 and never saw anything like this one. 

It's happened more than once, depends if you are awake at the time. SharePoint Online and Teams outages are more common than OneDrive.

 

22 minutes ago, Uttamattamakin said:

Like there should be a 1 Click option that pops up and says "Connect an internal SSD and copy everything to your own media", or "designate a local computer on your network to keep a copy of everything where you can always get it".  (Like what Drop Box allows). 

You can...

 

You can tell files and/or folders to always be available locally.