Accidental release of cloud databases is common, usually due to misconfiguration by clients. But this time, the customers had nothing to do with it. Security company Wiz has been able to access Cosmos DB accounts from Azure and download, delete or process data from different companies. The reason for this is weaknesses and security holes in the database.
“We had full and unrestricted access to the accounts and databases of several thousand Microsoft Azure customers, including many Fortune 500 companies,” researchers from cybersecurity firm Wiz said in a blog post.
Access to the primary key
The vulnerability was caused by a number of misconfigurations of a feature called Jupyter Notebook that customers can use to view their data and create their own views. This feature was automatically enabled for all Cosmos DBs in February 2021. The researchers explained that it gave access to the primary keys of the Cosmos DB. “Base keys are the holy grail of attackers – they are long-lived and allow full access to read, write, and delete customer data,” the Wiz report says. To discover this vulnerability and communicate it to Microsoft, researchers received According to Reuters news agency Reward of 40 thousand dollars.
Microsoft immediately installed the patches. However, the companies involved must act quickly to avoid exposing their data. According to Wiz, Microsoft has told more than 30 percent of Cosmos DB customers that they must reset the passkey manually to reduce risk.
By the way: Microsoft is expanding the services available in its Swiss cloud. You can read more about it here.
If you want to read more about cybercrime and cyber security, Register here for the weekly newsletter from Swisscybersecurity.net. The portal contains daily news on current threats and new defense strategies.
