Microsoft on Thursday issued a warning to thousands of its cloud computing customers, including some of the world’s largest companies.
According to e-mails sent by the company and cybersecurity investigators, intruders may also have the ability to read, modify or delete their main database, according to Reuters.
Security vulnerabilities are in Microsoft Azure’s flagship Cosmos DB database. A security team at security company Viz found that thousands of companies were able to use these keys to control access to databases. Amy Lutwak, Viz’s chief technology officer, is a former chief technology officer at Microsoft’s Cloud Security Group.
According to reports, Microsoft itself cannot change those keys, so it emailed customers Thursday to ask them to create a new key. Microsoft has agreed to pay वीज 40,000 to Viz for finding and reporting security vulnerabilities.
“We addressed this issue immediately to keep our customers safe and secure. We thank security researchers for working under Coordinated Weakness Disclosure, ”said Microsoft.
According to the company, no evidence of abuse has been found so far.
The fault was in a visual tool called the Jupiter notebook, which has been available for years but was launched by default last February.