Microsoft Confirms Massive Leaking Breach Of User Data

(FiveNation.com)- Last week Microsoft warned its online cloud customers that their data could potentially be exposed to hackers. The company revealed on Thursday that there was a major flaw in Microsoft’s Azure Cosmos DB database service that could allow hackers to read, change or delete data saved on the cloud.

The flaw was discovered by researchers from the security company Wiz. These researchers realized they were able to access keys that control access to databases belong to thousands of companies.

Among Microsoft’s cloud customers are such Fortune 500 firms as Coca-Cola and Exxon-Mobil.

According to Wiz co-founder Ami Luttwak, the vulnerability discovered is the worst imaginable. From the central database for Azure, Wiz was able to obtain access to any customer database they chose.

Microsoft is not able to change the access keys of its customers, so it emailed Azure customers instructing them to create new ones. In its email to customers, Microsoft said that it fixed the vulnerability detected, and there was at this time no evidence that any hackers had exploited the flaw prior to the fix.

Luttwak, who was formerly chief technology officer at Microsoft’s Cloud Security Group, said that this vulnerability could have had serious consequences. Wiz discovered the problem, dubbed ChaosDB, on August 9 and notified Microsoft several days later.

This news comes on the heels of a number of other recent security problems for Microsoft.

The same suspected Russian hackers that infiltrated SolarWinds are suspected to have been behind a breach in which Microsoft’s source code was stolen.

Additionally, a number of hackers broke into Exchange email services while a patch was being developed.

Last week another Exchange flaw prompted the US government to issue an urgent warning that customers needed to install patches issued months ago which ransomware gangs were now exploiting.

The vulnerabilities with Azure are especially troubling, however, because Microsoft and outside security experts have been urging companies to abandon their own infrastructure and rely instead on the cloud for more security.

While breaches of cloud databases are more rare, they can be much more devastating if and when they occur.