This month, researchers discovered a dangerous security vulnerability in Microsoft Azure that could give cybercriminals admin access to all user databases in Cosmos DB.
Researchers from the security company Wiz found that it was easy to obtain the primary keys to all databases. These keys give cybercriminals the ability to read, change or delete information.
The vulnerability might have been present since the 2019 release of the Jupyter Notebook feature. The researchers called it ChaosDB.
Wiz CTO and former chief technology officer at Microsoft’s Cloud Security Group Ami Luttwak said: “This is the worst cloud vulnerability you can imagine. It is a long-lasting secret. This is the central database of Azure, and we were able to get access to any customer database that we wanted.”
Microsoft, however, cannot change the access keys, so it sent mass emails to potentially affected customers to warn them about the issue.
The company also fixed the configuration mistake, which was the root of the issue.
“Our investigation shows no unauthorized access other than the researcher activity. Notifications have been sent to all customers that could be potentially affected due to researcher activity,” Microsoft announced.
The case should serve as a warning for all database software users.
Statistics also show that:
- There’s a new cyberattack every 39 seconds.
- Companies suffered roughly 22 security breaches last year.
Vulnerabilities similar to ChaosDB are just giving hackers the upper hand.