FBI Megaupload Shutdown Cuts Off Users From Personal Files, Business Data

Megaupload users who stored backups and personal data on the site protested the loss of their files, highlighting the risks of using a consumer file-sharing service for business purposes.

After law enforcement authorities shut down Megaupload, a popular file sharing service, for violating copyright laws, Internet users took to Twitter and online forums in protest, calling it a form of censorship.

For many users, the shutdown had nothing to do with piracy and everything to do with the fact that their backups and data were now gone.

The Department of Justice executed more than 20 search warrants in the United States and in eight other countries to seize servers and domains belonging to Megaupload, according to a 72-page federal indictment unsealed Jan. 19. Megaupload is an online "locker" service in which users can anonymously upload large files to the company servers and share the content via a unique URL.

While users may have used Megaupload to illegally share music, TV shows, movies and software, as the indictment claimed, there were plenty of people who used the service to store personal and private files, including work documents, videos and photographs. After the shutdown, these users complained on Twitter that they had been using the service to store their own content.

"I & many other musicians use #MegaUpload to store & share files created & owned by us. Surely their access & deletion by the FBI is illegal?" Suzanne Barbieri, a musician and writer, posted on Twitter.

Other users described having used Megaupload as a backup service to store images and personal recordings they'd created themselves. Websites and forums that linked to content stored on Megaupload found themselves with broken links on their sites. Xda-Developers, a community of more than 4 million users who discuss Windows Phone, Android, Bada and webOS development, now have more than 200,000 broken links on their site, Extreme Tech reported.

"Who will store their data in the cloud if foreign Govs indiscriminately take down entire services? Megafail for cloud computing," wrote Twitter user Jon Isbell.

There appears to be three types of Megaupload users, the actual pirates, those who relied on the site for backups and those who stored their core work on the cloud, said Gant Redmon, general counsel of Co3 Systems. The situation is not "too bad" for the group with backups, since they presumably still have their data and can put backups somewhere else. The ones suffering are the ones who had embraced cloud storage and kept their data online, he said.

Organizations should be evaluating online hosting, backup and collaboration providers to figure out which ones are trustworthy before moving their data outside of their networks. It's becoming increasingly clear that individuals need to be doing similar research and making sure they understand who they are giving their data to, Redmon said.

"Do we have to be evaluating where we put our data? I think these days, the answer is yes," Redmon said.

Organizations probably don't need to worry about the prospect of losing data stored on cloud services because of a federal take down, provided they'd picked a business-focused provider, said Geoff Webb, director of product marketing at Credant Technologies. While the Megaupload shutdown doesn't mean organizations should stop using cloud-based services, they do need to consider the very likely possibility their employees are using consumer-oriented services to store corporate data, he said. The increasing usage of consumer-oriented services opens the enterprise to risk of data loss.

According to a recent Palo Alto Networks report examining applications that were running on enterprise networks, 57 percent of the organizations had someone accessing Megaupload. The number was higher for Dropbox, with 72 percent.

Employees are moving protected, sensitive or valuable content up into a cloud provider without oversight or controls and the "compliance implications alone can, and do, keep CIOs up at night," Webb said.

If employees had stored data on a cloud provider that got shut down, the likelihood of the company getting that data in a timely manner is practically nonexistent, Redmon said.

Organizations should take the incident as a reminder that they should be evaluating online hosting, backup and collaboration providers to figure out which ones are trustworthy, said Neil Roiter, research director at Corero Network Security. If the provider has a reputation for open file sharing and providing access to obviously pirated digital content, "proceed at your own risk," Roiter said, adding, "Better, just don't do it."