A computer hack has been discovered in the Microsoft cloud, thousands of companies have warned

Microsoft had to warn thousands of business customers of its cloud (remote computing) service Thursday about the disadvantage of leaving their data vulnerable for so long.

The issue was discovered two weeks ago by the cybersecurity company Wiz. “Imagine our surprise when we gained full access to the accounts and databases of several thousand Microsoft Azure customers, including large companies,” the engineers told the company’s blog on Thursday.

“We immediately overhauled the system to ensure the safety and protection of our customers,” Microsoft responded in response to a request from AFP, also confirming that it had warned potentially affected organizations.

A priori, the flaw was not exploited by malicious actors, according to the IT giant.

According to Wiz, Microsoft had already deactivated the fallible system and then “informed more than 30% of Cosmos DB customers,” the cloud in question, that they had to change their access keys.

But they are likely to be at risk, and others other than those who have already warned could also be anxious, because “the flaw has been exploitable for at least several months, and even years,” the researchers detail.

The group is the second largest cloud leader in the world, after Amazon. This sector, which has been growing rapidly for years, has captured more customers during the pandemic, with the explosion of remote work and the need for digital services, from entertainment to online consumption.

Wise says companies like Coca-Cola and Exxon-Mobil are “using Cosmos DB to manage massive amounts of data in the world in real time.” The cloud is used to store data, but also to analyze and process it, from orders to suppliers to transactions with consumers.

See also  Disney CEO confirms Black Widow will be arriving in theaters

“It is a corporate security manager’s nightmare that someone recovers their access keys and uses them to extract gigabytes of data at a time,” the cybersecurity firm said.

These incidents, she adds, “have become commonplace in recent years, and they are worrying.”

The news is not good for Microsoft, whose mailbox servers were affected at the end of 2020 by a massive cyber attack in the United States.

Leave a Reply

Your email address will not be published. Required fields are marked *