Researchers who discovered a massive flaw in the main databases stored in Microsoft's Azure cloud platform have now urged all users to change their digital access keys, not just the 3300 it notified this week.
Researchers at a cloud security company called Wiz discovered this month they could have gained access to the primary digital keys for most users of the Cosmos DB database system, allowing them to steal, change or delete millions of records.
Alerted by Wiz, Microsoft rapidly fixed the configuration mistake that would have made it easy for any Cosmos user to get into other customers' databases, then notified some users Thursday to change their keys.
In a blog post Friday, Microsoft said it warned customers which had set up Cosmos access during the weeklong research period.
It found no evidence that any attackers had used the same flaw to get into customer data, it noted.
"Our investigation shows no unauthorised access other than the researcher activity," Microsoft wrote.
"Notifications have been sent".
https://www.itnews.com.au/news/rese...tion-by-microsoft-cloud-database-users-569187
Researchers at a cloud security company called Wiz discovered this month they could have gained access to the primary digital keys for most users of the Cosmos DB database system, allowing them to steal, change or delete millions of records.
Alerted by Wiz, Microsoft rapidly fixed the configuration mistake that would have made it easy for any Cosmos user to get into other customers' databases, then notified some users Thursday to change their keys.
In a blog post Friday, Microsoft said it warned customers which had set up Cosmos access during the weeklong research period.
It found no evidence that any attackers had used the same flaw to get into customer data, it noted.
"Our investigation shows no unauthorised access other than the researcher activity," Microsoft wrote.
"Notifications have been sent".
https://www.itnews.com.au/news/rese...tion-by-microsoft-cloud-database-users-569187
