Service Announcement: 26 May

I have passed it on to the team to check and verify. So far only seen this report. Checking for any other such complaints.

Hey guys,

This is horrible, I have the same issue here. All sorts of screenshots of unknown persons on my phone. I’m afraid the same thing happened to my photos. What to do!? Is this only happening to cloud photos or is it a telephone hack?

Whoa @JPM13 @Shiro this is indeed terrible, apologies for this. We confirm the files or content have not mixed up, it was a temporary authentication mixup: the server was returning some sessions for another user. The code responsible for this has been removed.

Once we lift the maintenance in the next hour you should see all your files again. Depending on the behaviour of the client it could either synchronize with the last content or keep the old files. Please delete any files or content not belonging to you.

Meanwhile we are assessing the number of users impacted, we haven’t seen this ourselves so we’re uncertain of how many cases there are.

The Infra team would like to clarify that this issue is not related to the Service upgrade we ran on the 26th of May.

2 Likes

@JPM13 @Shiro traffic is reopened now. Can you see if the data is automatically cleared on your phone? And if you log in to https://ecloud.global or https://murena.io do you confirm only your data is there?

Clarification: the issue is unrelated to the migration on Thursday. It was caused by a human error when applying a patch that had previously allowed a great improvement in performance, allowing the service to be re-established with all guarantees on Friday. We have for now removed this piece even though the original works well.

1 Like

Wait a minute … Does this mean that all the data are clear to view on the server? There is no encryption? If someone accesses your server, everything is open to every eye? Oo
I am totally unaware of the technical details about how such services work, but I’m quite concerned that a server can return the session of anyone, and that when it does, everything is basically readable. Do you have a list of the accounts that may have been leaked?

1 Like

@jipetouille the data is encrypted, we cannot see it; just the structure of it. That is how I can see that there is no Screenshots folder in @Shiro’s file structure.

Update:
More info on our docs.

This is the standard/default nextcloud encryption system; their end-to-end system is unstable and causes data loss. But you’re right, a true end-to-end encryption system would have prevented this.

This makes such project which we’re already exploring even more urgent to implement.

2 Likes

The data is cleared and only my data is now there, that I can confirm. And my storage was full so there was no way for the data to be saved on my cloud, it was only on my phone.

1 Like

Then perhaps reopening the other topic again and moving related stuff over there would be better to not mix this.

2 Likes

I’m not from the team, but if there is an authentication mixup, the server mixes up the answers to requests from clients. A client could get the wrong answer, aka a photo sync in these cases. So it doesn’t mean a whole data breach, only files are accessed which are uploaded/downloaded for a few hours/minutes (?). As the eCloud itself was not accessible for users, this means only a few of the most recent files could be leaked.

3 Likes

I know but most of the users are going to link the two together.

Shows how useless service side encryption is.

/e/ team why do you still refuse to offer end to end encryption support as is already supported in upstream Nextcloud?

There is zero privacy when you can read users files.

3 Likes

@anon88181694

More info on our docs.

This is the standard/default nextcloud encryption system; their end-to-end system is unstable and causes data loss. But you’re right, a true reliable end-to-end encryption system would have prevented this.

This makes such project which we’re already exploring even more urgent to implement.

@Scytale Indeed, for now we have identified the anomalous situation lasted about 25’

That’s not the same, if we would call it an “attack” it would “only” be packet interception, that is not the same as being able to access every user file.

Afaik eCloud uses user-key encryption, which means not readable by admins. At least this is what the settings page suggests and the NextCloud Wiki states.

1 Like

Thanks a lot for the answer, it becomes less concerning. So basically, everything that has not been downloaded/uploaded during the time there was this mess is not leaked. Still horrifying that a company that promotes data privacy has this kind of problem… I hope there will be a communication with full transparency about what happened…

2 Likes

Server-side encryption is not entirely useless. It prevents me or a potential attacker from having access to the data when logged into the server. But yes it’s not the final solution we’d like to have.

@Scytale we don’t suggest anywhere user-key encryption is used. That one was removed as default because it has many problems with shares or with external apps like onlyoffice.

Correct, it is no longer happening and most clients should wipe all data when syncing now.

Indeed, we must publish the results of the investigation and an apology. We are gathering all info on this. This thread is also public and we’re sharing what we know in real time. Our policy is always to be transparent and honest.

4 Likes

@JPM13 please confirm also when possible

Then have a look at the user’s settings page about security. It says (at least before the maintenance) that even administrators cannot access the files. And it links to a NextCloud Wiki page, where the different encryption modes are explained. Encryption with a server-side key would mean anybody with admin access can decrypt user files, and only user-key encryption would keep admins from reading the files.

So it doesn’t suggest, it clearly is false.

Sounds harsh, but I’d rather trust eFoundation than Google at the end of the day.

2 Likes

@Scytale
why are you downplaying how useless server side encryption is?

Per https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html

It encrypts only the contents of files, and not filenames and directory structures.

and

Encryption keys are stored only on the Nextcloud server, eliminating exposure of your data to third-party storage providers. The encryption app does not protect your data if your Nextcloud server is compromised, and it does not prevent Nextcloud administrators from reading user’s files. This would require client-side encryption, which this app does not provide. If your Nextcloud server is not connected to any external storage services then it is better to use other encryption tools, such as file-level or whole-disk encryption.

/e/ team could trivially modify their instance to decrypt user files if they wanted to.
(not saying they are to be clear)

Client side end-to-end encryption for cloud storage in 2022 is an absolute must have, especially for a service advocating privacy.

4 Likes
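The two points made above (the earlier reply that a session mixup only exposes what the server hands out while the bug is live, and the Nextcloud docs quote that server-side encryption does not protect against a compromised server or an admin) can be shown side by side with a small model. The following is an added example, not code from the thread, from Murena/ecloud or from Nextcloud. It assumes a toy server that stores blobs per user and resolves a session token to a user id; the "mixup" is a constructed fault where one user's token resolves to another user's identity, standing in for the class of bug described, not its actual cause. The cipher is a stdlib-only HMAC-based stream cipher with a separate MAC key, chosen so the block runs offline; a real client would use AES-GCM or similar.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32
SCREENSHOT = b"alice's screenshot bytes (constructed sample)"  # constructed sample data


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Client-side key derivation: the passphrase never leaves the device."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=32)


def _subkey(key: bytes, label: bytes) -> bytes:
    # Domain-separate the encryption and MAC keys from one root key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || HMAC tag (encrypt-then-MAC)."""
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered blob")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Server:
    """Toy storage server (hypothetical). With server_side_key set, it encrypts at rest
    the way the quoted docs describe: the key lives on the server. With None, it only
    stores whatever bytes the client sends (client-side / end-to-end encryption)."""

    def __init__(self, server_side_key):
        self.server_side_key = server_side_key
        self.blobs = {}        # (user, path) -> stored bytes
        self.session_map = {}  # token -> user

    def login(self, user: str) -> str:
        token = f"tok-{user}"
        self.session_map[token] = user
        return token

    def upload(self, token: str, path: str, data: bytes) -> None:
        user = self.session_map[token]
        if self.server_side_key:
            data = encrypt(self.server_side_key, data)
        self.blobs[(user, path)] = data

    def download(self, token: str, path: str) -> bytes:
        user = self.session_map[token]  # identity comes from session resolution
        blob = self.blobs[(user, path)]
        return decrypt(self.server_side_key, blob) if self.server_side_key else blob

    def admin_read(self, user: str, path: str) -> bytes:
        """What someone with the server key (an admin or an intruder) can do."""
        return decrypt(self.server_side_key, self.blobs[(user, path)])

    def inject_session_mixup(self, victim_token: str, other_token: str) -> None:
        # Constructed fault: the other user's session now resolves to the victim's identity.
        self.session_map[other_token] = self.session_map[victim_token]


def run_server_side_encryption():
    """Returns (what Bob receives after the mixup, what an admin can read)."""
    srv = Server(server_side_key=os.urandom(32))
    alice, bob = srv.login("alice"), srv.login("bob")
    srv.upload(alice, "Screenshots/1.png", SCREENSHOT)
    srv.inject_session_mixup(alice, bob)
    return srv.download(bob, "Screenshots/1.png"), srv.admin_read("alice", "Screenshots/1.png")


def run_end_to_end_encryption():
    """Returns (did Bob's client get readable data, did Alice's own client still decrypt)."""
    srv = Server(server_side_key=None)
    alice, bob = srv.login("alice"), srv.login("bob")
    alice_key = derive_key("alice-passphrase", b"salt-alice")  # constructed; real salts are random
    bob_key = derive_key("bob-passphrase", b"salt-bob")
    srv.upload(alice, "Screenshots/1.png", encrypt(alice_key, SCREENSHOT))
    srv.inject_session_mixup(alice, bob)
    blob = srv.download(bob, "Screenshots/1.png")  # server hands Bob Alice's ciphertext
    try:
        decrypt(bob_key, blob)
        bob_readable = True
    except ValueError:
        bob_readable = False  # Bob holds bytes his key cannot open
    return bob_readable, decrypt(alice_key, blob) == SCREENSHOT
```

In the server-side model the mixup hands Bob Alice's screenshot in the clear, and `admin_read` shows the same plaintext is available to anyone holding the server key, which is the docs' point. In the end-to-end model the same fault still delivers the wrong blob (so the sync bug is not fixed by encryption), but what leaks is ciphertext whose tag check fails under Bob's key; only the filename and size are exposed, matching the docs' note that filenames and structure are not protected either way.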