Edit: Subsequent to making this post, I obtained more detail about the JPMorgan Chase database outage.
I was just contacted for comment about the Chase database outage, about which they’ve released remarkably little information (they’ve even apologized for their terseness). About all Chase has said is:
A third-party database company’s software caused a corruption of systems information, disabling our ability to process customer log-ins to chase.com. This resulted in a long recovery process,
and even that quote is a bit hard to find. From other reporting, we know that ATM machines, bank branches, and the call centers continued to work, but various web and mobile access applications were disabled.
Of course, that quote is pretty ambiguous. My thoughts on it include:
- Presumably, the database Chase uses to authenticate log-ins was screwed up.
- That’s consistent with what the quote says.
- It’s also consistent with the stories as to what did or didn’t work. After all, ATM authentication — validating ATM cards and PINs at known endpoints — is very likely to be run differently than, say, web authentication using conventional passwords.
- Note that authentication is commonly run off of purpose-built LDAP (Lightweight Directory Access Protocol) database systems rather than relational DBMS.
- We’re Chase customers (for credit cards). Their authentication is pretty annoying. So are other aspects of their technology. (And so are their business practices, but that’s a different story.)
- Surely you’ve heard the term “security theater.” Well, “authentication theater” happens too. More on that in a future post.
- The Chase quote is ambiguous as to whether this was failure of purchased software Chase runs in-house, or whether it was a failure of an outsourced system. The former theory seems more likely.
- I guess it’s possible that there’s some sort of third-party (outsourced or inhouse) identity validation/data cleaning going on, which feeds the authentication database, and that this is what crashed rather than the main system. But again, the Chase quote is — well, I guess it’s both ambiguous AND vague.