• Cryptocurrency
  • Earnings
  • Enterprise
  • About TechBooky
  • Submit Article
  • Advertise Here
  • Contact Us
TechBooky
  • African
  • AI
  • Metaverse
  • Gadgets
Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
  • African
  • AI
  • Metaverse
  • Gadgets
Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
TechBooky
Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Home Cloud

Microsoft Warns Cloud Customers of Exposed Databases

Olagoke Ajibola by Olagoke Ajibola
August 28, 2021
in Cloud, Enterprise
Share on FacebookShare on Twitter

 


Microsoft has warned thousands of its Azure cloud computing customers, including many Fortune 500 companies, about a vulnerability that left their data completely exposed for the last two years. Microsoft warns its cloud computing customers that intruders could have the ability to read, change or even delete their main databases. This vulnerability is said to be caused by a flaw in Microsoft’s Azure Cosmos DB database product and has left more than 3,300 Azure customers open to complete unrestricted access by attackers. The vulnerability was introduced in 2019 when Microsoft added a data visualization feature called Jupyter Notebook to Cosmos DB. Cosmos DB is Microsoft’s proprietary globally distributed, multi-model database service “for managing data at planet-scale” launched in May 2017. The feature was turned on by default for all Cosmos DBs in February 2021.

A listing of Azure Cosmos DB clients includes companies like Coca-Cola, Liberty Mutual Insurance, ExxonMobil, and Walgreens, to name just a few. According to Ami Luttwak, (a former chief technology officer at Microsoft’s Cloud Security Group), Chief Technology Officer of Wiz the security company that discovered the issue, he says “This is the worst cloud vulnerability you can imagine.” Luttwak added that “This is the central database of Azure, and we were able to get access to any customer database that we wanted.” Luttwak’s team found the problem, dubbed ChaosDB, on Aug. 9 and notified Microsoft on Aug. 12.

In a blog post, Wiz says that the vulnerability introduced by Jupyter Notebook allowed the company’s researchers to gain access to the primary keys that secured the Cosmos DB databases for Microsoft customers. With said keys, Wiz had full read/write/delete access to the data of several thousand Microsoft Azure customers. Wiz further says that it discovered the issue two weeks ago and Microsoft disabled the vulnerability within 48 hours of Wiz reporting it. However, Microsoft can’t change those customers’ primary access keys themselves, which is why the company opted into sending emails to Cosmos DB customers to manually change their keys in order to mitigate exposure. Microsoft paid Wiz $40,000 for the discovery.

Despite the severity and all the risk presented, Microsoft hasn’t seen any evidence of the vulnerability leading to illicit data access. “There is no evidence of this technique being exploited by malicious actors,” said Microsoft. “We are not aware of any customer data being accessed because of this vulnerability.” In an update posted to the Microsoft Security Response Center, the company said its forensic investigation included looking through logs to find any current activity or similar events in the past. “Our investigation shows no unauthorized access other than the researcher’s activity,” said Microsoft.

Today’s issue is just the latest security nightmare for Microsoft. The company had some of its source code stolen by SolarWinds hackers at the end of December, its Exchange email servers were breached and implicated in ransomware attacks in March, and a recent printer flaw in July, allowing attackers to take over computers with system-level privileges. But with the world’s data increasingly moving to centralized cloud services like Azure, the latest revelation could be the most troubling development yet for Microsoft.

Related Posts:

  • 020tYFWBL4Yz8jIIFUdKDR1-22
    A Fix to Microsoft Windows Defender And Security Flaws
  • 1_zpKoi14a19eY-z4CyCwDZg
    Microsoft Authorized Flutterwave's Incorporation With Azure
  • micromtn
    Project Nephos Cloud Solutions Alters MTN Group And…
  • Microsoft-Dublin-Book-1-1024×683
    Microsoft's EU Sovereign Cloud initiative is Complete
  • Microsoft Offered OpenAI Billions of Investment To pair Azure Cloud and ChatGPT’s Integration.
    Microsoft Offered OpenAI Billions of Investment To…
  • NASA-Earth-Hero-Final
    NASA, Microsoft Develop AI to Simplify Earth Science Data
  • ciobulletin-walmart-partners-microsoft-azure-three-sixty-five
    Walmart Spent $580M on Microsoft Azure in 11 Months,…
  • 108023853-17242740432024-05-21t173935z_402974582_rc24v7ad5n4z_rtrmadp_0_microsoft-ai
    Microsoft Shares Fall on Weak Guidance and Cloud Revenue

Discover more from TechBooky

Subscribe to get the latest posts sent to your email.

Tags: AccessazureCompanyCosmoscustomersdatadatabaseDBmicrosoftvulnerabilityWiz
Olagoke Ajibola

Olagoke Ajibola

Olagoke Ajibola is a creative writer and content producer with an eye for details and excellence. He has a demonstrated history of telling stories for TV, Film and Online. Aside from being fascinated by the power of imagination, his other interest are travel, sport, reading and meeting people.

BROWSE BY CATEGORIES

Select Category

    Receive top tech news directly in your inbox

    subscription from
    Loading

    Freshly Squeezed

    • Google Launches ‘vibe-coding’ App Called Opal July 26, 2025
    • Intel Plans to Spin off Network and Edge Division July 26, 2025
    • Investigation Underway into Starlink Global Outage July 26, 2025
    • Microsoft Look Into Microsoft 365 Admin Centre Outage July 26, 2025
    • FIRS Partners with Banks and Fintechs for VAT Monitoring July 26, 2025
    • X Experiments with Community Notes for Popular Content July 25, 2025

    Browse Archives

    July 2025
    MTWTFSS
     123456
    78910111213
    14151617181920
    21222324252627
    28293031 
    « Jun    

    Quick Links

    • About TechBooky
    • Advertise Here
    • Contact us
    • Submit Article
    • Privacy Policy
    Generic selectors
    Exact matches only
    Search in title
    Search in content
    Post Type Selectors
    • African
    • Artificial Intelligence
    • Gadgets
    • Metaverse
    • Tips
    • About TechBooky
    • Advertise Here
    • Submit Article
    • Contact us

    © 2025 Designed By TechBooky Elite

    Discover more from TechBooky

    Subscribe now to keep reading and get access to the full archive.

    Continue reading

    We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.