In an announement released on October 10th, T-Mobile advised users:

Sidekick customers, during this service disruption, please DO NOT remove your battery, reset your Sidekick, or allow it to lose power.

Updated: 10/10/2009 12:35 PM PDT

T-MOBILE AND MICROSOFT/DANGER STATUS UPDATE ON SIDEKICK DATA DISRUPTION

Dear valued T-Mobile Sidekick customers:

T-Mobile and the Sidekick data services provider, Danger, a subsidiary of Microsoft, are reaching out to express our apologies regarding the recent Sidekick data service disruption.

We appreciate your patience as Microsoft/Danger continues to work on maintaining platform stability, and restoring all services for our Sidekick customers.

Regrettably, based on Microsoft/Danger’s latest recovery assessment of their systems, we must now inform you that personal information stored on your device – such as contacts, calendar entries, to-do lists or photos – that is no longer on your Sidekick almost certainly has been lost as a result of a server failure at Microsoft/Danger. That said, our teams continue to work around-the-clock in hopes of discovering some way to recover this information. However, the likelihood of a successful outcome is extremely low. As such, we wanted to share this news with you and offer some tips and suggestions to help you rebuild your personal content. You can find these tips in our Sidekick Contacts FAQ. We encourage you to visit the Forums on a regular basis to access the latest updates as well as FAQs regarding this service disruption.

In addition, we plan to communicate with you on Monday (Oct. 12) the status of the remaining issues caused by the service disruption, including the data recovery efforts and the Download Catalog restoration which we are continuing to resolve. We also will communicate any additional tips or suggestions that may help in restoring your content.

We recognize the magnitude of this inconvenience. Our primary efforts have been focused on restoring our customers’ personal content. We also are considering additional measures for those of you who have lost your content to help reinforce how valuable you are as a T-Mobile customer.

We continue to advise customers to NOT reset their device by removing the battery or letting their battery drain completely, as any personal content that currently resides on your device will be lost.

Once again, T-Mobile and Microsoft/Danger regret any and all inconvenience this matter has caused.

Cloud computing remains “the buzz phrase that won’t go away” and still captures the hearts of IT professionals everywhere. With that in mind, many (including yours truly) still remain unconvinced that that cloud provides a better alternative to effectively managing your own assets.

For T-Mobile Sidekick users who only kept their information in the cloud, it looks like their balloon of personal information won’t be returning home.

Suggested readings and related articles:

• Dave Michels / Pin Drop Soup: Cloud Series 5: Hosted Voice – Just say no
  (for that matter, read his whole cloud series. Scratch that, just read what Dave Michels writes. )
• VoIP Tech Chat: Cloud Security Not Air Tight
• CNET: Major outage hits T-Mobile Sidekick users
• CNET: Missing Sidekick data may be gone for good

How's the view up there?

Cloud Computing, the buzz phrase that won’t go away, attracts new users daily. The most common “cloud” approach uses resources, accessible through the public internet, as a service. Although this computing approach provides (generally) much higher rates of reliability and lower rollout cost, an organization looking to the cloud may find some grey skies on the security forecast.

Besides unknown physical access concerns to your data (as well as not truly knowing who can access your “system”), the main security risk resides with the end user. Take for example Twitter. For the third time this year, someone accessed sensitive corporate documents via an employee email account. If a password can be guessed, cracked, or obtained, chances are your security just became a little foggy (ok, no more cloud puns).

Storing sensitive information in the cloud (including your web accessible email accounts) seems to be the 2009 equivalent of leaving your briefcase on the front seat of your car parked in a very open driveway. The AP recently posted an article on the Twitter reference, and it’s not a bad read.

Twitter hacked by old technique — again

July 15, 2009
JORDAN ROBERTSON

SAN FRANCISCO (AP) - Breaking into someone’s e-mail can be child’s play for a determined hacker, as Twitter Inc. employees have learned the hard way – again.

For the third time this year, the San Francisco-based company was the victim of a security breach stemming from a simple end-run around its defenses. In the latest case, a hacker guessed the password for an employee’s personal e-mail account and worked from there to steal confidential company documents.

The techniques used by the attackers highlight the dangers of a broader trend promoted by Google Inc. and others toward storing more data online, instead of on computers under your control.

The shift toward doing more over the Web – a practice known as “cloud computing” – means that mistakes employees make in their private lives can do serious damage to their employers, because a single e-mail account can tie the two worlds together.

Stealing the password for  someone’s Gmail account, for example, not only gives the hacker access to that person’s personal e-mail, but also to any other Google applications they might use for work, like those used to create spreadsheets or presentations.

That’s apparently what happened to Twitter, which shares confidential data within the company through the Google Apps package that incorporates e-mail, word processing, spreadsheet, calendar and other Google services for $50 per user per year.

Co-founder Biz Stone wrote in a blog posting Wednesday that the personal e-mail of an unnamed Twitter administrative employee was hacked about a month ago, and through that the attacker got access to the employee’s Google Apps account.

Separately, the wife of co-founder Evan Williams also had her personal e-mail hacked around the same time, Stone wrote. Through that, the attacker got access to Williams’ personal Amazon and PayPal accounts.

Stone said the attacks are “about Twitter being in enough of a spotlight that folks who work here can become targets.”

Some of the material the hacker posted online from the Google Apps documents was more embarrassing than damaging, like floor plans for new office space and a pitch for a TV show about the increasingly popular online messaging service.

Twitter says only one user account was potentially compromised because a screenshot of the account was included among the stolen documents. The value in hijacking a user’s account is limited, as those attacks are mainly used to post fake messages and try to trick the victim’s friends into clicking on links that will infect their computers.

Sensitive Twitter documents were filched, though.

The hacker claims to have employee salaries and credit card numbers, resumes from job applicants, internal meeting reports and growth projections.

TechCrunch, a widely read technology blog, says it was e-mailed the documents, and subsequently published some of them, including financial projections that Twitter drew up in February. The forecast envisioned Twitter generating its first revenue in the current quarter, with sales of about $400,000 and about 60 employees. By the end of next year, Twitter expected to employ about 345 people with annual revenue of about $140 million, according to the documents published by TechCrunch.

Stone said in an e-mail that most of the documents TechCrunch has access to are “speculative exercises.”

In his blog post, Stone said the stolen documents “are not polished or ready for prime time and they’re certainly not revealing some big, secret plan for taking over the world,” but said they are sensitive enough that their public release could jeopardize relationships with Twitter’s partners.

Stone said the company is talking to lawyers about “what this theft means for Twitter, the hacker, and anyone who accepts and subsequently shares or publishes these stolen documents.”

What the attacks on Twitter show is that Web sites don’t need to get compromised in the traditional sense to put its users and employees at risk.

Hackers don’t need to find a vulnerability in the site itself, or plant a virus on an employee’s computer, to sneak inside.