
Volish customers have shedloads of exposed data

by on 27 August 2021

Vulnerability in Cosmos database

Software king of the world Microsoft warned thousands of its cloud computing customers, including some of the world's largest companies, that intruders could have the ability to read, change or even delete their main databases.

The vulnerability is in Microsoft Azure's flagship Cosmos DB database. A research team at security company Wiz discovered it was able to access keys that control access to databases held by thousands of companies.

The problem for Vole is that it cannot change the keys by itself, and it emailed customers on Thursday telling them to create new ones.

"We fixed this issue immediately to keep our customers safe and protected. We thank the security researchers for working under coordinated vulnerability disclosure", Microsoft told Reuters.

Microsoft's email to customers said there was no evidence the flaw had been exploited. "We have no indication that external entities outside the researcher (Wiz) had access to the primary read-write key", the email said.

However, this is pretty much the worst cloud vulnerability you can imagine. Luttwak's team found the problem, dubbed ChaosDB, on 9 August and notified Microsoft on 12 August.

The flaw was in a visualization tool called Jupyter Notebook, which has been available for years but was enabled by default in Cosmos beginning in February.

Last modified on 27 August 2021