Security in services is all about liability and risk rather than an absolute guarantee.
I've seen so much anger over this issue that it's left me confused. Questions like how they can ever be trusted now. They could never be trusted. If the information is really that important, then it should be encrypted before being passed to any other service. Companies will screw up, the question is how are you going to be on the hook for it. The great thing about services is that you can pass the blame the service than if you had dealt with it in-house.
That said, this has been an embarrassing display for Backblaze and I hope they redouble their efforts on infosecurity. But mistakes happen. If there's a pattern, then that's a different story.
I've seen so much anger over this issue that it's left me confused. Questions like how they can ever be trusted now. They could never be trusted. If the information is really that important, then it should be encrypted before being passed to any other service. Companies will screw up, the question is how are you going to be on the hook for it. The great thing about services is that you can pass the blame the service than if you had dealt with it in-house.
That said, this has been an embarrassing display for Backblaze and I hope they redouble their efforts on infosecurity. But mistakes happen. If there's a pattern, then that's a different story.