Users of Microsoft’s email service might be feeling a distinct sense of déjà vu after the web version of Outlook last night blocked access to Exchange Online mailboxes.

According to Microsoft, the problem was due to “a recent change made to a portion of Outlook on the web infrastructure, that may have resulted in impact.”

Reverting the change did the trick, and service was restored, but the question must be asked – does Microsoft test its changes before deploying to production?

The problems, according to DownDetector, began around 1730 UTC on March 19 and appeared to be worldwide. The company admitted to them via social media shortly after, saying: “We’re investigating reports of an issue affecting users’ ability to access Outlook on the web.”

Half an hour later, the company admitted it made a change that might be responsible. That change was reverted, and services started returning to normal.

This sort of incident is becoming depressingly commonplace. A lengthy outage occurred at the beginning of March which Microsoft also blamed on some dodgy code.

[…]

Source: Microsoft blames Outlook outage on another dodgy code change • The Register

The data was stored in Google Maps’ Timeline feature, which – for those of you who let Google track you around the world – preserves a record of locations you visit. That sounds creepy and perhaps creepier still once you realize Google makes it possible for photos to appear on the Timeline too, so that users can have a visual record of their travels.

Over the weekend, users noticed their Timelines went missing.

Google seems to have noticed, too, as The Register has seen multiple social media posts in which Timelines users share an email from the search and ads giant in which it admits “We briefly experienced a technical issue that caused the deletion of Timeline data for some people.”

The email goes on to explain that most users that availed themselves of a feature that enables encrypted backups will be able to restore their Maps Timelines data.

Users who did not make those backups can’t restore their data. Those who did make backups need to manually restore their info using a procedure Google included in its email.

[…]

This isn’t the first time Google has messed up users’ historical data: In 2023 the company shortened its default data retention time for location info from 18 to three months, but some users missed the announcement and then complained as their data was purged.

[…]

Source: ‘Technical issue’ at Google deletes some customer data • The Register

If you wanted to play some tunes on your iPhone this afternoon, but found nothing would play, it’s not just you: As of Tuesday afternoon ET, Apple Music is down.

Apple’s System Status website currently confirms Apple Music’s downtime. As of this piece, the site shows the following status for Apple Music:

Apple Music – Outage

Today, 2:26 PM – ongoing

Some users are affected

Users may be experiencing intermittent issues with this service.

All other Apple services, including the App Store, FaceTime, iMessage, and all iCloud services, are currently online.

Source: It’s Not Just You, Apple Music Is Down | Lifehacker

Problems with Outlook.com are continuing, with users reporting being unable to access their emails or authenticate themselves.

Part of the issue appears to be related to the initial wobble over the weekend. Some of the users affected by that outage were locked out of their accounts after repeated login failures, and Microsoft’s status center for Microsoft 365 continues to report that users might be unable to access their email using the native mail app on iOS devices.

As of today, issues persist, and Microsoft has promised another update by 2300 UTC. On the plus side, the current status has changed from “We’re analyzing available data and attempting to determine the underlying source for users’ problems” to “Our analysis of available data is ongoing as we attempt to determine the underlying source of users’ problems.”

[…]

Source: Still can’t access your Outlook mailbox? You aren’t alone • The Register

Microsoft’s Exchange Administration Center (EAC) has fallen over and appears to be struggling to get up.

The issue affects users trying to access EAC to administer Exchange Online for their users. Users began expressing frustration about the service being down just before lunchtime in the UK. The issue appears widespread in Europe, with users from countries such as Germany, Poland, and Belgium reporting problems.

Canada and the US appear fine, hinting that the issue might be location-based. The Register asked Microsoft for more details, but the company has not responded.

The EAC manages mailboxes, administers groups, and migrates data, among other functions. A lot of its functionality is also accessible via PowerShell, which currently seems to be working fine. However, the company has not commented on the issue or when it will be resolved.

Microsoft is very keen for customers to migrate from on-premises versions of Exchange to the company’s cloud, although one observer on social media remarked: “The amount of downtime they are facing is getting to a point where you can’t even argue ‘Cloud has better availability.'”

Quite. The long-held assertion that the cloud is a cheaper, more reliable option than an on-premises rack of servers has been ringing increasingly hollow in recent times. Microsoft suffered an Outlook outage over the weekend, and some Microsoft 365 users experienced downtime on Monday.

[…]

Source: Microsoft Exchange Admin Center takes siesta for EU users • The Register

The UK is full of unhappy workers that are unable to manage their payday cash amid online service outages at a host of major banks.

Downdetector indicates trouble at Lloyds Bank, Halifax, TSB, Nationwide, First Direct, Bank of Scotland, and Barclays, although the latter’s woes appear to have been resolved since the surge of complaints earlier today.

The same can’t be said for the others, however, which all continue to report glitches via their service status pages.

Across the board, the outages seem to be related to web and mobile banking, with the root cause unclear.

[…]

Unlike the other banks whose customers can’t access their online banking platforms, those who use Nationwide can still access their accounts and move money around seamlessly, provided the money is going into other Nationwide accounts under their control.

All affected customers are still able to use their debit and credit cards at ATMs and in shops.

The Financial Conduct Authority (FCA), the UK’s finance regulator, published a post-CrowdStrike report in October, saying it noticed an upward trend of third-party related outages hitting UK banks since the beginning of 2023.

[…]

Today’s outage comes weeks after Barclays suffered a weekend-long service wobble, that reportedly left at least one customer homeless as a result.

Source: Payday from hell as several Brit banks report major outages • The Register

Microsoft has notified customers that it’s missing more than two weeks of security logs for some of its cloud products, leaving network defenders without critical data for detecting possible intrusions.

According to a notification sent to affected customers, Microsoft said that “a bug in one of Microsoft’s internal monitoring agents resulted in a malfunction in some of the agents when uploading log data to our internal logging platform” between September 2 and September 19.

The notification said that the logging outage was not caused by a security incident, and “only affected the collection of log events.”

Business Insider first reported the loss of log data earlier in October. Details of the notification have not been widely reported. As noted by security researcher Kevin Beaumont, the notifications that Microsoft sent to affected companies are likely accessible only to a handful of users with tenant admin rights.

[…]

The affected products include Microsoft Entra, Sentinel, Defender for Cloud, and Purview, according to the Business Insider report.

[…]

The logging outage comes a year after Microsoft came under fire from federal investigators for withholding security logs from certain U.S. federal government departments that host their emails on the company’s hardened, government-only cloud; investigators said having access to those logs could have identified a series of China-backed intrusions far sooner.

The China-backed intruders, referred to as Storm-0558, broke into Microsoft’s network and stole a digital skeleton key that allowed the hackers unfettered access to U.S. government emails stored in Microsoft’s cloud

[…]

Following the China-backed hacks, Microsoft said it would start providing logs to its lower-paid cloud accounts from September 2023.

Source: Microsoft said it lost weeks of security logs for its customers’ cloud products | TechCrunch

Cloud problems scale so very very well. Everyone has a problem if your cloud provider has one.

Microsoft’s Outlook app is crashing for European users due to memory problems, Redmond has warned, and evidence suggests the problems are spreading to the US.

“We’re investigating an issue in which users in Europe may be experiencing crashing, not receiving emails or observing high memory usage when using the Outlook client,” Redmond warned.

“We’re analyzing data from customers experiencing crashes and high memory usage when using the New Outlook desktop app. We’re reviewing service telemetry and reproducing the issue internally to develop a mitigation plan.”

So far, there is no word on Microsoft’s plan, but social media reports suggest the US East Coast at least is suffering similar problems. Downdetector indicates the issue appears to be spreading.

“It’s been spreading across the country like the common cold now, and I can’t seem to figure out what is causing it,” reported one user. “There have been no changes to the environment and no updates to the Windows desktops that are having this issue.”

Microsoft’s engineers are working on the issue and trying to find out what the problem is. It’s not a good look for a software giant’s main email system.

[…]

Source: Microsoft applies fix for Outlook crashes • The Register

The new Outlook app is absolutely a downgrade in every way from the old one.

According to correspondence released by the Scottish Police Authority (SPA) under freedom of information (FOI) rules, Microsoft is unable to guarantee that data uploaded to a key Police Scotland IT system – the Digital Evidence Sharing Capability (DESC) – will remain in the UK as required by law.

While the correspondence has not been released in full, the disclosure reveals that data hosted in Microsoft’s hyperscale public cloud infrastructure is regularly transferred and processed overseas; that the data processing agreement in place for the DESC did not cover UK-specific data protection requirements; and that while the company has the ability to make technical changes to ensure data protection compliance, it is only making these changes for DESC partners and not other policing bodies because “no one else had asked”.

The correspondence also contains acknowledgements from Microsoft that international data transfers are inherent to its public cloud architecture. As a result, the issues identified with the Scottish Police will equally apply to all UK government users, many of whom face similar regulatory limitations on the offshoring of data.

[…]

Nicky Stewart, a former ICT chief at the UK government’s Cabinet Office, said most people with knowledge of how hyperscale public cloud works have known about these data sovereignty issues for years.

“It’s clearly going to be a concern to any police force that’s using Microsoft, but it’s wider than that,” she said, adding that while Part 3 of the Data Protection Act (DPA) 2018 clearly stipulates that law enforcement data needs to be kept in the UK, other kinds of public sector data must also be kept sovereign under the new G-Cloud 14 framework, which has introduced a UK-only data hosting requirement.

[…]

Microsoft’s commitment to not access customer data without permission is further complicated by the terms of service, which make that promise strictly conditional by giving the company the ability to access data without permission if they either have to fulfil a legal burden, such as responding to government requests for data, or to maintain the service.

[…]

He added that given Microsoft’s disclosures to the SPA, “it must now be obvious that M365 and Azure Cloud services do not meet the two key requirements” to be a legal processor or sub-processor of law enforcement data under the DPA 18.

“These are: one, to conduct all processing and support activities 100% from inside the UK; and two, to only make an international transfer if they are specifically instructed to make the particular transfer by the controller,” he said.

“Microsoft have confirmed that they do not and cannot commit to requirement one for their M365 services, or indeed for most of the services they operate and support in Azure. They have also said that they cannot ‘operationalise’ individual requests as required of them under section 59(7) of the act, thus failing to meet requirement two.

“There can be no clearer evidence than Microsoft’s own clarifications that they cannot meet the legal requirements for a processor or sub-processor of law enforcement data.”

Stewart said: “If it’s not possible to understand the simple question, ‘do you know where your data is all the time?’, then you probably shouldn’t be putting your data in that platform.”

[…]

Source: Microsoft admits no guarantee of sovereignty for UK policing data | Computer Weekly

With the EU and also some EU domain name registrars (looking at you, SIDN) working with these crazy cloud providers, it should have been blindingly obvious that putting data in a US cloud provider would open it up for US spying and a complete lack of data ownership. However idiots will be idiots.

More than half a million UniSuper fund members went a week with no access to their superannuation accounts after a “one-of-a-kind” Google Cloud “misconfiguration” led to the financial services provider’s private cloud account being deleted, Google and UniSuper have revealed.

Services began being restored for UniSuper customers on Thursday, more than a week after the system went offline. Investment account balances would reflect last week’s figures and UniSuper said those would be updated as quickly as possible.

The UniSuper CEO, Peter Chun, wrote to the fund’s 620,000 members on Wednesday night, explaining the outage was not the result of a cyber-attack, and no personal data had been exposed as a result of the outage. Chun pinpointed Google’s cloud service as the issue.

In an extraordinary joint statement from Chun and the global CEO for Google Cloud, Thomas Kurian, the pair apologised to members for the outage, and said it had been “extremely frustrating and disappointing”.

They said the outage was caused by a misconfiguration that resulted in UniSuper’s cloud account being deleted, something that had never happened to Google Cloud before.

“Google Cloud CEO, Thomas Kurian has confirmed that the disruption arose from an unprecedented sequence of events whereby an inadvertent misconfiguration during provisioning of UniSuper’s Private Cloud services ultimately resulted in the deletion of UniSuper’s Private Cloud subscription,” the pair said.

“This is an isolated, ‘one-of-a-kind occurrence’ that has never before occurred with any of Google Cloud’s clients globally. This should not have happened. Google Cloud has identified the events that led to this disruption and taken measures to ensure this does not happen again.”

While UniSuper normally has duplication in place in two geographies, to ensure that if one service goes down or is lost then it can be easily restored, because the fund’s cloud subscription was deleted, it caused the deletion across both geographies.

UniSuper was able to eventually restore services because the fund had backups in place with another provider.

“These backups have minimised data loss, and significantly improved the ability of UniSuper and Google Cloud to complete the restoration,” the pair said.

[…]

Source: Google Cloud accidentally deletes UniSuper’s online account due to ‘unprecedented misconfiguration’ | Superannuation | The Guardian

Google is dealing with its second “lost data” fiasco in the past few months. This time, it’s Google Drive, which has been mysteriously losing files for some people. Google acknowledged the issue on November 27, and a week later, it posted what it called a fix.

It doesn’t feel like Google is describing this issue correctly; the company still calls it a “syncing issue” with the Drive desktop app versions 84.0.0.0 through 84.0.4.0. Syncing problems would only mean files don’t make it to or from the cloud, and that doesn’t explain why people are completely losing files. In the most popular issue thread on the Google Drive Community forums, several users describe spreadsheets and documents going missing, which all would have been created and saved in the web interface, not the desktop app, and it’s hard to see how the desktop app could affect that. Many users peg “May 2023” as the time documents stopped saving. Some say they’ve never used the desktop app.

[…]

Google’s recovery instructions outline a few ways to attempt to “recover your files.” One is via a new secret UI in the Google Drive desktop app version 85.0.13.0 or higher. If you hold shift while clicking on the Drive system tray/menu bar icon, you’ll get a special debug UI with an option to “Recover from backups.” Google says, “Once recovery is complete, you’ll see a new folder on your desktop with the unsynced files named Google Drive Recovery.” Google doesn’t explain what this does or how it works.

Option No. 2 is surprising: use of the command line to recover files. The new Drive binary comes with flags for ‘–recover_from_account_backups’ and ‘–recover_from_app_data_path’, which tells us a bit about what is going on. When Google first acknowledged the issue, it warned users not to delete or move Drive’s app data folder. These flags from the recovery process make it sound like Google hopes your missing files will be in the Drive cache somewhere. Google also suggests trying Windows Backup or macOS Time Machine to find your files.

Google locked the issue thread on the Drive Community Forums at 170 replies before it was clear the problem was solved. It’s also marking any additional threads as “duplicates” and locking them.

[…]

Of the few replies before Google locked the thread, most suggested that Google’s fix did not work. One user calls the fix “complete BS,” adding, “The “solution” doesn’t work for most people.” Another says, “Google Drive DELETED my files so they are not available for recovery. This “fix” is not a fix!” There are lots of other reports of the fix not working, and not many that say they got their files back. The idea that Drive would have months-old copies of files in the app data folder is hard to believe.

[…]

Source: Google calls Drive data loss “fixed,” locks forum threads saying otherwise | Ars Technica

Google Drive users are reporting files mysteriously disappearing from the service, with some netizens on the goliath’s support forums claiming six or more months of work have unceremoniously vanished.

The issue has been rumbling for a few days, with one user logging into Google Drive and finding things as they were in May 2023.

According to the poster, almost everything saved since then has gone, and attempts at recovery failed.

Others chimed in with similar experiences, and one claimed that six months of business data had gone AWOL.

There is little information regarding what has happened; some users reported that synchronization had simply stopped working, so the cloud storage was out of date. Others could get some of their information back by fiddling with cached files, although the limited advice on offer for the affected was to leave things well alone until engineers come up with a solution.

A message purporting to be from Google support also advised not to make changes to the root/data folder while engineers investigate the issue.

[…]

a reminder that just because files are being stored in the cloud, there is no guarantee that they are safe. European cloud hosting provider OVH suffered a disastrous fire in 2021 that left some customers scrambling for backups and disaster recovery plans.

[…]

ust because the files have been uploaded one day does not necessarily mean they will still be there – or recoverable – the next.

[…]

MatthewSt reports that he has a fix; obviously this is something worked out by a user rather than official advice, so caution is advised.

Source: The mystery of the disappearing Google Drive files • The Register

Microsoft techies are trying to recover storage nodes for a “small” number of customers following a “power issue” on October 20 that triggered Azure service disruptions and ruined breakfast for those wanting to use hosted virtual machines or SQL DB.

The degradation began at 0731 UTC on Friday when Microsoft spotted the unspecified power problem, which affected infrastructure in one Availability Zone in the West Europe region. As such, businesses using VMs, Storage, App Service, or Cosmos and SQL DB suffered interruptions.

So what caused this unplanned downtime session? Microsoft says in an incident report on its Azure status history page: “Due to an upstream utility disturbance, we moved to generator power for a section of one datacenter at approximately 0731 UTC. A subset of those generators supporting that section failed to take over as expected during the switch over from utility power, resulting in the impact.”

Engineers managed to restore power again at around 0800 UTC and the impacted infrastructure began to clamber back online again. When the networking and storage plumbing recovered, compute scale units were brought into service, and for the “vast majority” the Azure services were accessible again from 0915 UTC.

Yet not everyone was up and running smoothly, Microsoft admitted.

“A small amount of storage nodes needs to be recovered manually, leading to delays in recovery for some services and customers. We are working to recover these nodes and will continue to communicate to these impacted customers directly via the Service Health blade in the Azure Portal.”

Source: Microsoft admits ‘power issue’ downed Azure in West Europe • The Register