Search module is not installed.

Microsoft warns cloud computing clients that their data is vulnerable

26.10.2021

SAN FRANCISCO: Microsoft says it has warned thousands of its cloud computing clients of a recently discovered flaw that left their data vulnerable for an extended period.

The problem involved keys used to access Microsoft Azure's flagship database service Cosmos DB and was discovered two weeks ago by cybersecurity company Wiz.

Imagine our surprise when we were able to gain complete unrestricted access to the accounts and databases of several thousand Microsoft Azure customers, including many Fortune 500 companies, Wiz said on its blog Thursday.

Companies including Coca-Cola and Exxon Mobil use Cosmos DB to manage massive volumes of data around the world in real time Wiz added.

The cloud service is used to store data, as well as analyze and process everything from orders from suppliers to transactions with consumers.

According to Microsoft, customers who were impacted were notified, but there was no evidence the flaw had been exploited by malicious actors.

Microsoft told more than 30 per cent of Cosmos DB customers that they needed to change their access keys, according to Wiz.

But the cybersecurity firm warned others could be at risk.

Wiz only emailed customers that were affected during our short approximately weeklong research period, Microsoft said. However, the vulnerability has been exploitable for at least several months, possibly years. Amazon is one of the biggest cloud service providers, behind Microsoft. Demand has skyrocketed during the COVID-19 pandemic with the growth of working from home and reliance on digital services for things like entertainment and shopping.

The US tech company has recently suffered a series of security issues.

Earlier this year, Microsoft disclosed that a state-sponsored hacking group operating out of China was exploiting security flaws in its Exchange email services, a potentially devastating hack believed to have affected at least 30,000 Microsoft email servers in government and private networks.

The company was then attacked by the suspected Russian group behind the 2020 hack of SolarWinds software company.

This week, tech bosses from Microsoft and Microsoft met with US President Joe Biden to discuss ways to defend ransomware attacks and fight cloud computing systems from hackers.