Microsoft warns thousands of cloud customers of data vulnerability

Microsoft says it has warned thousands of its cloud computing clients of a recently discovered flaw that left their data vulnerable for an extended period.

SAN FRANCISCO: Microsoft says it has warned thousands of its cloud computing clients of a recently discovered flaw that left their data vulnerable for an extended period.

The problem involved keys used to access Microsoft Azure’s flagship database service Cosmos DB, and was discovered two weeks ago by cybersecurity company Wiz.

“Imagine our surprise when we were able to gain complete unrestricted access to the accounts and databases of several thousand Microsoft Azure customers, including many Fortune 500 companies,” Wiz said on its blog Thursday.

Companies including Coca-Cola and Exxon-Mobil use Cosmos DB “to manage massive volumes of data around the world in real time,” Wiz added.

The cloud service is used to store data, as well as to analyse and process everything from orders from suppliers to transactions with consumers.

According to Microsoft, customers who may have been impacted were notified, but there was no evidence the flaw had been exploited by malicious actors.

“We fixed this issue immediately to keep our customers safe and protected,” a Microsoft spokesperson told AFP.

Microsoft told more than 30 per cent of Cosmos DB customers that they needed to change their access keys, according to Wiz.

But the cybersecurity firm warned others could be at risk.

“Microsoft only emailed customers that were affected during our short (approximately weeklong) research period,” Wiz said. “However… the vulnerability has been exploitable for at least several months, possibly years.”

Microsoft is one of the world’s biggest cloud service providers, behind Amazon. Demand has skyrocketed during the Covid-19 pandemic with the growth of working from home and reliance on digital services for things like entertainment and shopping.

The US tech company has recently suffered a series of security issues.

Earlier this year, Microsoft disclosed that a state-sponsored hacking group operating out of China was exploiting security flaws in its Exchange email services, a potentially devastating hack believed to have affected at least 30,000 Microsoft email servers in government and private networks.

The company was then also attacked by the suspected Russian group behind the 2020 hack of the SolarWinds software company.

This week, tech bosses including from Microsoft, met with US President Joe Biden to discuss ways to fight ransomware attacks and defend cloud computing systems from hackers.

Z24 News

Leave a Reply

Your email address will not be published.

Next Post

Cricket: India lose Rahul as England continue victory march

Fri Aug 27 , 2021
LEEDS, England: England grabbed a massive first innings lead of 354 runs and then reduced India to 34-1 to stay on course for a series-levelling victory in the third test at Headingley on Friday (Aug 27). The hosts lost their last two wickets quickly to be all out for 432 […]

Share

Social menu is not set. You need to create menu and assign it to Social Menu on Menu Settings.