Cloud catastrophes: How Code Spaces were EOL’d
As a long-time backup & recovery expert, I’ve seen a lot of backup plans go wrong. But few tales are as tragic or illustrative as the 2014 hack that utterly decimated Code Spaces. They lost their entire cloud platform and 200 clients’ data – all thanks to putting too much trust in cloud redundancy.
(This blog post summarizes the latest episode of The Backup Wrap-up podcast. We’re in a series talking about major cloud disasters. If you’d like to check out the episode, you can do so here: https://www.backupwrapup.com/cloud-catastrophes-codespacescom-deleted-out-of-existence/)
On my latest episode of the Back Up Wrap-up, I walk through the series of fateful errors that allowed a single attacker to overwhelm Code Space’s business. What’s remarkable is that they publicly stated backup was a priority, with proven recovery testing procedures in place. So where did it all go wrong?
In my view, the root issue was a lack of competent cloud backup design from the start. Leaning too hard into the buzzword of redundancy ignored the cold reality – no cloud provider can restore your data when an intruder destroys it before your eyes. And by lacking fundamental security precautions, Code Spaces left themselves be vulnerable rather than vigilant.
Once the hacker had admin access, unleashing chaos was simple. Why weren’t strong access controls and routines for compromise in place? I explain the overlooked gaps like multifactor authentication that could have reduced exposure. When every minute left data at risk, there was also no swift path to isolate their cloud accounts.
Of course, had they merely followed the 3-2-1 rule with an offline backup of cloud data, they could have eventually recovered. But since they didn’t do that, the business fell as fast as the attacker typed “delete.”
There are critical lessons here for anyone staking their company on the cloud – don’t leave disaster recovery up to a vendor or assume the “magic” of cloud backup. Take control with real-world plans that acknowledge the threats we face. Listen in to understand what Code Spaces got wrong to keep your cloud-based business secure.
I get into actionable recommendations like:
✅ Enabling MFA across all admin accounts
✅ Establishing least-privilege access tiers
✅ Testing backup recovery routinely
✅ Investing in offline backup
Hear the inside story of this cloud catastrophe directly from an industry veteran – on Apple Podcasts, Spotify, or wherever you listen to podcasts. Don’t let what happened to Code Spaces happen to your company’s digital assets. The cloud still needs backup!
Written by W. Curtis Preston (@wcpreston), four-time O'Reilly author, and host of The Backup Wrap-up podcast. I am now the Technology Evangelist at S2|DATA, which helps companies manage their legacy data