Microsoft Cloud data breach! Customers warned

SAN FRANSISCO: Microsoft has issued a warning to its cloud customers after discovering a breach in their database. These customers include some of the world’s largest companies, hackers could have been able to manipulate or even delete their main database, according to a copy of the email and a cyber security researcher.

As per the research team of Cyber Security company Wiz, the vulnerability surfaced in Microsoft Azure’s Cosmos DB database. The said team was able to access keys that control access to the database held by partner companies.

Microsoft can not change affected keys, Thursday they sent a mail to customers asking them to make new keys. Microsoft will pay Wiz a sum of $40,000 for finding out the vulnerability. Microsoft has refused to make any immediate comment on the situation.

This is the worst cloud vulnerability you can imagine, said Ami Luttwak who is Chief Technology Officer at Wiz. This is Azure’s central database and the Wiz team was able to get access to any customer database they wanted.

Microsfot logo pictured on a store in the Manhattan,REUTERS/Carlo Allegri/File Photo.

However, the mail sent by Microsoft to its customer says that there was no evidence of the flaw being exploited and that they have fixed the vulnerability. “We do not indicate that external entities outside the researcher (Wiz) had access to the primary read-write key,” the email said.

According to Luttwak data of many customers who were not notified by Microsoft might still be exposed, and this won’t change till they change their keys. Microsoft has only notified those customers whose keys were visible this month.Cloud attacks are rare, but they can be very destructive. All major companies are moving towards cloud storage these days great source of attraction for hackers. Some cloud data breaches are never even publicized.

A federally contracted research lab tracks all known security flaws in software and rates them by severity. But there is no equivalent system for holes in cloud architecture, so many critical vulnerabilities remain undisclosed to users, Luttwak said.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s