Researchers have discovered a huge gap in the master database stored on Microsoft Corp's Azure cloud platform. On Saturday it urged all users to change their digital keys access.
Researchers at a cloud security company called Wiz discovered this month that they could have accessed the master digital keys for most users of the Cosmos DB database system, allowing them to steal, delete or modify millions of files. .
As notified by Wiz, Microsoft quickly corrected a configuration error that would make it easier for any Cosmos user to log in to other customers' databases, and alerted some users on Thursday to change their keys.
In a post Friday, Microsoft said it had warned customers who installed Cosmos Access during the week. No evidence was found that any of the attackers had used the same flaw to enter customer data.
The Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security of USA used strong language in press release on Friday, making it clear that you are not just referring to those who have already been informed.
When Microsoft was asked if the mode Jupyter Notebook was not properly configured or some other method was used to prevent abuse of access, Microsoft hesitated to respond immediately.
Wiz said Microsoft had worked closely with it on the investigation, but declined to say whether previous customers were safe.
