Microsoft has issued a warning to thousands of its cloud computing customers about a newly found weakness that exposed their data for an extended period of time. The flaw impacted keys needed to access Microsoft Azure’s main database service Cosmos DB, and it was identified by cybersecurity firm Wiz two weeks ago.
“Imagine our surprise when we were able to gain complete unrestricted access to the accounts and databases of several thousand Microsoft Azure customers, including many Fortune 500 companies,” Wiz said on its blog on Thursday. Cosmos DB is used by companies like Coca-Cola and ExxonMobil to “handle huge amounts of data throughout the world in real time,” according to Wiz. The cloud service is utilized to store information as well as analyze and handle anything from supplier orders to customer transactions.
Microsoft revealed earlier this year that a Chinese state-sponsored hacker gang was exploiting security weaknesses in its Exchange email services, a potentially disastrous attack that compromised at least 30,000 Microsoft email servers in government and commercial networks.
The firm was then targeted by the same suspected Russian gang that was responsible for the SolarWinds software hack in 2020. Microsoft executives met with US President Joe Biden this week to explore methods to combat ransomware attacks and protect cloud computing systems from hackers.