Microsoft has warned thousands of its business customers this week that a vulnerability left their cloud databases exposed and susceptible to edits.
The company told thousands of Microsoft Azure customers on Thursday that the security firm Wiz was able to access private Azure databases earlier this month, where they could then read, edit, and delete data at will. No other party is believed to have gained access to the databases through the flaw, however.
Microsoft told Reuters that it “fixed this issue immediately to keep our customers safe and protected” after the vulnerability was pointed out. Wiz was reportedly paid $40,000 for discovering the flaw and reporting it to Microsoft.
Wiz Chief Technology Officer (CTO) Ami Luttwak called the flaw “the worst cloud vulnerability you can imagine” and “a long-lasting secret,” noting that his security company “were able to get access to any customer database that we wanted.”
Microsoft Azure is used by some of the world’s biggest companies, including Shell, Audi, Carlsberg, Coca-Cola, and PepsiCo. Azure is also used by many universities and government bodies, including the United Nations (UN), the UK National Health Service (NHS), and the Saudi Arabian Ministry of Justice.
Think your friends would be interested? Share this story!