Microsoft Cloud Databases Vulnerable for Years, Firm Says
Kartikay Mehrotra of Bloomberg reports:
A vulnerability in Microsoft Inc.’s cloud database system left data at thousands of clients exposed to potential cyberattacks for about two years, according to the Israeli cybersecurity firm that discovered the bug.
More than 3,300 of the software giant’s customers were exposed to a flaw in its Azure Cosmos DB database product that could have granted a malicious actor access keys to steal, edit or delete sensitive data, according to researchers at the Tel Aviv-based Wiz.io. Wiz’s co-founder and Chief Technology Officer Ami Luttwak says his team of researchers discovered the vulnerability on Aug. 9 while managing security for some of its own Fortune 500 clients.
On Friday, Microsoft issued a statement: “Our investigation indicates no customer data was accessed because of this vulnerability by third parties or security researchers. We’ve notified the customers whose keys may have been affected during the researcher activity to regenerate their keys.”
Read more on Yahoo! Finance