Due to a flaw that made their data vulnerable for an extended period, Microsoft had to warn, this Thursday, thousands of business customers of its cloud service (remote computing).
The problem was discovered two weeks ago by Wiz, a cybersecurity company. “Imagine our surprise when we managed to gain full access to the accounts and databases of several thousand Microsoft Azure customers, including large companies,” the engineers told the firm’s blog on Thursday.
No cyber attack
“We immediately repaired the system to ensure the safety and protection of our customers,” responded Microsoft, also confirming that it had warned potentially affected organizations. A priori, the flaw has not been exploited by malicious actors, according to the IT giant. According to Wiz, Microsoft has indeed quickly deactivated the fallible system, then “informed more than 30% of customers of Cosmos DB”, the cloud concerned, that they had to change their access keys.
But they are potentially still in danger, and others than those already warned could be concerned too, because “the flaw has been exploitable for at least several months, even years”, detail the researchers. The group is the second largest cloud leader in the world, behind Amazon. This sector, which has been growing rapidly for years, has conquered even more customers during the pandemic, with the explosion of teleworking and the need for digital services, from entertainment to online consumption.
These incidents “have become common”
Companies like Coca-Cola and Exxon-Mobil “use Cosmos DB to manage massive volumes of data in the world in real time,” Wiz says. The cloud is used to store data, but also to analyze and process it, from orders to suppliers to transactions with consumers.
“The nightmare of any director of security in a company is that someone gets their access keys and uses them to extract gigabytes of data at once,” said the cybersecurity firm. These incidents “have become common in recent years, and it is alarming,” she adds. The news falls badly for Microsoft, whose mailbox servers were affected at the end of 2020 by a gigantic cyber attack in the United States.