(San Francisco) Microsoft had to warn thousands of business customers of its cloud computing service on Thursday about a flaw that left their data vulnerable for an extended period of time.
The issue was discovered two weeks ago by the cybersecurity company Wiz. “Imagine our surprise when we gained full access to the accounts and databases of several thousand Microsoft Azure customers, including large companies,” the engineers wrote on the company’s blog on Thursday.
“We immediately overhauled the system to ensure the safety and protection of our customers,” Microsoft said in response to a request from AFP, also confirming that it had warned potentially affected organizations.
The flaw does not appear to have been exploited by malicious actors, according to the IT giant.
According to Wiz, Microsoft quickly deactivated the faulty system, then “notified over 30% of Cosmos DB customers”, the cloud service concerned, that they had to change their access keys.
But they are likely to be at risk, and customers other than those who have already been warned could also be concerned, because “the flaw has been exploitable for at least several months, and even years,” the researchers explain.
The group is the world’s second-largest cloud provider, after Amazon. This sector, which has been growing rapidly for years, has gained more customers during the pandemic, with the explosion of remote work and the need for digital services, from entertainment to online consumption.
Wiz says companies like Coca-Cola and Exxon-Mobil are “using Cosmos DB to manage massive amounts of data around the world in real time.” The cloud is used to store data, but also to analyze and process it, from orders to suppliers to transactions with consumers.
“It is a corporate security manager’s nightmare that someone recovers their access keys and uses them to extract gigabytes of data at a time,” the cybersecurity firm said.
These incidents, it adds, “have become commonplace in recent years, and they are worrying.”
This is bad news for Microsoft, whose email servers were hit at the end of 2020 by a massive cyberattack in the United States.