Microsoft warns of intruder risk in Azure cloud database
Thousands of Microsoft cloud computing customers could have reportedly been hit by a breach, as it warned intruders could have the ability to read, change or delete their main databases.
The weak spot is in Microsoft Azure’s Cosmos DB database, according to Reuters. Which was revealed when security company Wiz found it could open keys that give access to databases held by thousands of companies.
Microsoft, as it cannot alter the keys itself, has since contacted customers, telling them to create new ones. Customers who may have been impacted received have received a notification from Microsoft.
The technology giant has also agreed to pay Wiz $40,000 for detecting the flaw and reporting it.
“We fixed this issue immediately to keep our customers safe and protected. We thank the security researchers for working under Coordinated Vulnerability Disclosure,” a Microsoft spokesperson told City A.M.
In the email to customers, Microsoft said that it could find no evidence of the vulnerability being exploited.