Security Expert: Microsoft Suffers ‘Worst Cloud Vulnerability You Can Imagine’

Microsoft CEO Satya Nadella shows his fist ( Stephen Brashear /Getty)
Stephen Brashear /Getty

Microsoft has warned customers of its Azure cloud computing service that major vulnerabilities in the company’s systems have left user data completely exposed for the last two years. The CTO of the security company that discovered the massive flaw commented: “This is the worst cloud vulnerability you can imagine. This is the central database of Azure, and we were able to get access to any customer database that we wanted.”

The Verge reports that tech giant Microsoft has warned users of its Azure cloud computing service that their data has been exposed online for the last two years. Microsoft recently revealed that an error in its Azure Cosmos DB database product left more than 3,300 Azure customers’ data completely exposed.

Microsoft boss Satya Nadella

Microsoft boss Satya Nadella

The vulnerability was reportedly introduced into Microsoft’s systems in 2019 when the company added a data visualization feature called Jupyter Notebook to Cosmos DB. Some Azure Cosmos DB clients include Coca-Cola, Liberty Mutual Insurance, ExxonMobil, and Walgreens.

The Associated Press

In this June 24, 2019 file photo, shoppers enter a Walgreens store in Los Angeles. Lawsuits filed by two Ohio counties against retail pharmacy chains CVS, Walgreens, Rite Aid, Walmart and Giant Eagle claiming their opioid dispensing practices flooded communities with pain pills and were a a public nuisance can continue after U.S. District Judge Dan Polster, a federal judge in Cleveland, denied the chains’ motion to dismiss the complaints in a ruling Thursday, Aug. 6, 2020. (AP Photo/Marcio Jose Sanchez, File)

The Associated Press

Exxon revenue takes off with oil prices, profit falls short

Ami Luttwak, the Chief Technology Officer of Wiz, a security company that discovered the issue and received a $40,000 bug bounty from Microsoft, commented: “This is the worst cloud vulnerability you can imagine. This is the central database of Azure, and we were able to get access to any customer database that we wanted.”

Microsoft claims that despite the huge risk posed by the vulnerability, it has yet to see any evidence that it led to unauthorized data access. In an emailed statement to Bloomberg, Microsoft said: “There is no evidence of this technique being exploited by malicious actors. We are not aware of any customer data being accessed because of this vulnerability.”

Wiz published a detailed blog post outlining the vulnerability and the effect it had on Microsoft’s Azure Service. It states that after Microsoft integrated Jupyter Notebook with its service, the app allowed Wiz researchers to gain access to the primary keys that secured the Cosmos DB databases for Microsoft customers. This gave Wiz full access to all of the data belonging to several thousand Microsoft Azure customers.

Read more at the Verge here.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address lucasnolan@protonmail.com

COMMENTS

Please let us know if you're having issues with commenting.