Zoho users beware. There appears to be a nasty bug whereby a user logs in with their own credentials, but finds themselves logged into another user's account.
I have the last couple of weeks experienced that I get logged on into another account that I do not know! I can see the other account documents. Just a few minutes ago I tried to use my own logon but was logged in to the account of <...>
says a user on the Zoho forums.
Zoho says it is fixing this urgently:
We have analyzed the logs and found some race conditions that could happen under high load. We have a fix in, and are continuing to monitor it very closely. We have also launched a complete review of security, so that this type of issue does not recur. We are taking it very seriously and apologize profusely.
Food for thought nonetheless. This is the kind of reason people cite for sticking with on-premise applications. I argue that data is often safer in the cloud, but this kind of incident makes you wonder.
This article originally appeared in ITWriting.
Copyright (c) 2007, ITWriting.
A freelance journalist since 1992, Tim Anderson specialises in programming and internet development topics. He has columns in Personal Computer World and IT Week, and also contributes regularly to The Register. He writes from time to time for other periodicals including Developer Network Journal Online, and Hardcopy.