Researchers have discovered a huge gap in the main database stored on the Microsoft Corp Azure cloud platform. Saturday urged all users to change their digital passwords.
Researchers at a cloud security company called Wiz discovered this month that they could have accessed the master digital keys for most users of the Cosmos DB database system, allowing them to steal, delete or modify millions of files. .
As notified by Wiz, Microsoft quickly corrected a configuration error that would make it easier for any Cosmos user to log in to other customers' databases, and alerted some users on Thursday to change their keys.
In a post Friday, Microsoft said it had warned customers who installed Cosmos Access during the week. No evidence was found that any of the attackers had used the same flaw to enter customer data.
The US Department of Homeland Security's Cybersecurity and Infrastructure Security Service used strict language in press release on Friday, making it clear that you are not just referring to those who have already been informed.
When Microsoft was asked if the Jupyter Notebook feature was not configured properly or if another method was used to prevent access abuse, Microsoft was reluctant to respond immediately.
Wiz said Microsoft had worked closely with it on the investigation, but declined to say whether previous customers were safe.