Microsoft Azure vulnerability left customer data exposed for two years

Azure cloud services have become a core pillar of Microsoft's business over the years, attracting many Fortune 500 companies as clients. Unfortunately, many of those clients had their data exposed by a huge vulnerability that has been present since 2019. 

As reported by The Verge, Microsoft recently became aware of a flaw in its Azure Cosmos DB database, which could grant unrestricted access to the databases of thousands of customers. According to Wiz, the vulnerability was introduced by Jupyter Notebook and once exploited, an attacker could gain full read/write functionality and even delete data.

After discovering the bug, Microsoft paid Wiz a $40,000 bounty. The company has also issued a statement to Bloomberg, saying that while the issue was serious, there has been “no evidence” of this bug being exploited by malicious actors.

After being made aware of the issue, Microsoft had patched it within 48 hours, which is a very quick turnaround. The issue itself was reported to Microsoft just two weeks ago.

Discuss on our Facebook page, HERE.

KitGuru Says: Fortunately for Microsoft, it doesn't look like any data was stolen and client databases weren't tampered with during the two years that this bug was present within Azure. 

Become a Patron!