Microsoft warns thousands of cloud customers of exposed databases

BY-Arun Shekhar Jawla

The hack in Apple iCloud has created an environment of fear in the surroundings. Microsoft has just warned its customers regarding the security thread discovered by the research team of security company ‘Wiz’. They were able to access some key control access to the database of thousands of companies in various sectors. The vulnerability has been found in the Cosmos DB database. Soon after discovering this issue, the company warned thousands of its cloud computing customers about the bug which can give intruders the ability to read, delete or change data from their core databases.

Thousands of customers have been mailed and advised to change their new keys or passwords. Interestingly, the company has decided to award [$40,000] WIZ for finding flaws and reporting them.  “We fixed this issue immediately to keep our customers safe and protected. We thank the security researchers for working under coordinated vulnerability disclosure,” Microsoft told Reuters.

The flaw was found in a visualization tool [Jupyter Notebook] which has been available and enabled at default in Cosmos in early February. As per the reporter of Reuters, WIZ has given details about the flaw in azure customer’s databases in a blog post.

Ami Luttwak, the former chief technology officer at Microsoft’s Cloud Security Group, warned customers about the bug and advised those who haven’t been notified to change their key to the database. Microsoft has been giving them access until those keys are changed. Microsoft communicated to Reuters that “customers who may have been impacted received a notification from us,” without discussing it in detail.

Microsoft had a history of bad security for the last few months. Earlier, Russian hackers that infiltrated SolarWinds also stole some source code from Microsoft. Some hackers broke into the exchange e-mail servers while involved in some development.

There have been quite a few bugs in the company’s software system. The most recent one being the printer flaw which that allowed computer takeovers had to be redone repeatedly. Another patch was issued months ago because ransomware gangs are now being exploited. Azure has been the most troubling as many security experts have been pushing Microsoft to abandon the project and rely on the cloud for better security. As per data, it is quite rare for the cloud to be hacked or attacked.