Incremental Backups Silently Restore Deleted Users, Creating Security Risks
Incremental backup systems for key-value stores like Azure Table Storage and DynamoDB detect changes by scanning for recently modified timestamps, but deleted rows leave no timestamp or marker behind, making them invisible to the backup process. This means that deleted accounts — including offboarded employees, compromised credentials, or revoked admin access — are quietly preserved in backups. When a restore is performed, those security decisions are reversed without any warning, potentially handing operators a system that appears healthy but is actually compromised. The recommended fix is to treat deletions as data events by writing a 'tombstone' record to a separate table whenever a row is deleted, ensuring backups capture both updates and deletions. This tombstone approach allows restores to replay deletes alongside writes, preserving the intended state of the system rather than silently undoing security actions.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in