Close Menu
CrafficCraffic
  • Home
  • News
    • Internet
    • Gaming
  • Tech
    • Hardware
    • Gaming Tech
    • Mobile Phones
    • Software
  • Science
    • Astronomy
    • Discoveries
    • Psychology
  • Entertainment
    • Anime
    • Reviews
    • Spotlight
    • WWE
Facebook X (Twitter) Instagram
CrafficCraffic
  • Home
  • News
    • Internet
    • Gaming
  • Tech
    • Hardware
    • Gaming Tech
    • Mobile Phones
    • Software
  • Science
    • Astronomy
    • Discoveries
    • Psychology
  • Entertainment
    • Anime
    • Reviews
    • Spotlight
    • WWE
Facebook X (Twitter) Instagram
CrafficCraffic
Home » Huge Microsoft Azure Security Flaw left Cloud Customers’ Data Vulnerable
Internet

Huge Microsoft Azure Security Flaw left Cloud Customers’ Data Vulnerable

Sudhanshu SharmaBy Sudhanshu SharmaAugust 27, 2021Updated:August 28, 2021No Comments2 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Huge Microsoft Azure Security Flaw left Cloud Customers' Data Vulnerable
Share
Facebook Twitter LinkedIn Pinterest Email

Microsoft Azure – Data Leaks?

Thousands of Microsoft Azure cloud computing clients, including many Fortune 500 firms, have been notified of a vulnerability that has left their data entirely exposed for the past two years.

A weakness in Azure’s Cosmos DB database platform allowed attackers, complete unlimited access to more than 3,300 Azure customers. When Microsoft implemented a data visualisation function called Jupyter Notebook to Cosmos DB in 2019, the vulnerability was exposed. In February 2021, the feature became the default for all Cosmos DBs.

Clients of Azure

Companies like Coca-Cola, Liberty Mutual Insurance, ExxonMobil, and Walgreens, to mention a few, are among the Azure Cosmos DB clients.

“This is the worst cloud vulnerability you can imagine,” said Ami Luttwak, CEO of Wiz, the security firm that identified the flaw. “This is Azure’s core database, and we were able to connect to whatever client database we wanted.”

Despite the severity and risk, Microsoft has found no evidence that the vulnerability has resulted in unauthorised data access. In an emailed reply to Bloomberg, Microsoft said, “There is no indication of this technique being exploited by hostile actors. As a result of this vulnerability, we are not aware of any client data being accessed.” According to Reuters, Microsoft paid Wiz $40,000 for the discovery.

Microsoft Azure left Cloud Customers Data Vulnerability

Jupyter Notebook at fault

Wiz claims that the vulnerability presented by Jupyter Notebook allowed the company’s researchers to obtain access to the primary keys that secured Microsoft clients’ Cosmos DB databases in a comprehensive blog post. Wiz had complete read, write, and delete access to the data of tens of thousands of Azure users with these keys.

According to Wiz, the vulnerability was identified two weeks ago, and Microsoft disabled it within 48 hours of Wiz disclosing it. Microsoft, on the other hand, is unable to alter its customers’ primary access keys, which is why it urged Cosmos DB clients to manually update their keys in order to reduce risk.

Security Nightmare

Today’s problem is Microsoft’s latest security nightmare. In December, SolarWinds hackers stole part of the company’s source code, in March, its Exchange email servers were penetrated and implicated in ransomware attacks, and in April, a printer hole allowed attackers to take over PCs with system-level rights. However, with the world’s data increasingly migrating to centralised cloud services like Azure, Microsoft’s latest disclosure could be the most concerning yet.

Azure Cloud Cybersecurity Microsoft News
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticlePanasonic’s New SoundSlayer Wearable Gaming Speaker System will take your breath away
Next Article Hycean Planets, a new class of hot ocean worlds may support life
Sudhanshu Sharma

Related Posts

Gaming

God of War Ragnarok, Greatest of all time?

December 23, 2022
Gaming

How good will be Gran Turismo 7’s superhuman AI?

February 12, 2022
Entertainment

EXCLUSIVE! Dane DeHaan JOINS Christopher Nolan’s historical drama ‘Oppenheimer’

February 9, 2022
Add A Comment

Leave A Reply Cancel Reply

At Craffic we ensure delivering quality content to our readers as they are giving us their precious time to engage with our content. And Craffic was a vision of a group of school friends and they've made it possible by learning the basics of strategies used in the media culture. ‎ ‎ ‎‎ ‎ ‎

Quick Access
  • About Us
  • Contact us
  • Terms of Use
  • Privacy Policy
Facebook X (Twitter) Instagram Pinterest
© 2025 Craffic. Designed by StackX Solutions.

Type above and press Enter to search. Press Esc to cancel.