"Microsoft Warns Thousands of Cloud Customers of Exposed Databases"

Microsoft is warning thousands of its cloud computing customers that intruders could be able to read, change, or delete their main databases. A research team at the security company Wiz discovered the vulnerability in Microsoft Azure's flagship Cosmos DB database. The team was able to access keys that control access to databases belonging to thousands of companies. Since Microsoft cannot change these keys by itself, the company emailed customers urging them to create new ones. Microsoft agreed to pay Wiz $40,000 for reporting the flaw. According to Microsoft's email to customers, there is no evidence that the flaw had been exploited by external entities other than the Wiz researchers. The flaw was found in Jupyter Notebook, a visualization tool that has been available for years but was enabled by default in Cosmos in February 2021. Wiz Chief Technology Officer Ami Luttwak says those customers who have not been notified by Microsoft could have had their keys accessed by attackers. Only customers whose keys were visible this month were notified by Microsoft. This article continues to discuss the Microsoft Azure cloud vulnerability exposing thousands of cloud databases. 

Reuters reports "Microsoft Warns Thousands of Cloud Customers of Exposed Databases"