Microsoft revealed Thursday that some customers’ CosmosDB databases in Azure were accidentally left wide open. A security researcher named Wiz discovered that it could access keys that unlocked thousands of customers’ databases.
Microsoft has issued a fix and contacted affected customers so they can change their keys.
“This is the worst cloud vulnerability you can imagine. It is a long-lasting secret,” Wiz Chief Technology Officer Ami Luttwak told Reuters. “This is the central database of Azure, and we were able to get access to any customer database that we wanted.”
Reuters has full details in their article.
In related news, thousands of MySQL and PostgreSQL databases on LowEnd hosts continued to work securely.
Leave a Reply