Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News

      Public money, private plans: MPs demand Post Office transparency

      13 June 2025

      Coal to cash: South Africa gets major boost for energy shift

      13 June 2025

      China is behind in AI chips – but for how much longer?

      13 June 2025

      Singapore soared – why can’t we? Lessons South Africa refuses to learn

      13 June 2025

      10 red flags for Apple investors

      13 June 2025
    • World

      Yahoo tries to make its mail service relevant again

      13 June 2025

      Qualcomm shows off new chip for AI smart glasses

      11 June 2025

      Trump tariffs to dim 2025 smartphone shipments

      4 June 2025

      Shrimp Jesus and the AI ad invasion

      4 June 2025

      Apple slams EU rules as ‘flawed and costly’ in major legal pushback

      2 June 2025
    • In-depth

      Grok promised bias-free chat. Then came the edits

      2 June 2025

      Digital fortress: We go inside JB5, Teraco’s giant new AI-ready data centre

      30 May 2025

      Sam Altman and Jony Ive’s big bet to out-Apple Apple

      22 May 2025

      South Africa unveils big state digital reform programme

      12 May 2025

      Is this the end of Google Search as we know it?

      12 May 2025
    • TCS

      TechCentral Nexus S0E1: Starlink, BEE and a new leader at Vodacom

      8 June 2025

      TCS+ | The future of mobile money, with MTN’s Kagiso Mothibi

      6 June 2025

      TCS+ | AI is more than hype: Workday execs unpack real human impact

      4 June 2025

      TCS | Sentiv, and the story behind the buyout of Altron Nexus

      3 June 2025

      TCS | Signal restored: Unpacking the Blue Label and Cell C turnaround

      28 May 2025
    • Opinion

      Beyond the box: why IT distribution depends on real partnerships

      2 June 2025

      South Africa’s next crisis? Being offline in an AI-driven world

      2 June 2025

      Digital giants boost South African news media – and get blamed for it

      29 May 2025

      Solar panic? The truth about SSEG, fines and municipal rules

      14 April 2025

      Data protection must be crypto industry’s top priority

      9 April 2025
    • Company Hubs
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • AvertITD
      • Braintree
      • CallMiner
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • Incredible Business
      • iONLINE
      • Iris Network Systems
      • LSD Open
      • NEC XON
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Tenable
      • Vertiv
      • Videri Digital
      • Wipro
      • Workday
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Public sector
      • Retail and e-commerce
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Information security » Microsoft warns thousands of cloud customers of exposed databases

    Microsoft warns thousands of cloud customers of exposed databases

    By Agency Staff27 August 2021
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    Microsoft has warned thousands of its cloud computing customers, including some of the world’s largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the e-mail and a cybersecurity researcher.

    The vulnerability is in Microsoft Azure’s flagship Cosmos DB database. A research team at security company Wiz discovered it was able to access keys that control access to databases held by thousands of companies. Wiz chief technology officer Ami Luttwak is a former CTO at Microsoft’s Cloud Security Group.

    Because Microsoft cannot change those keys by itself, it e-mailed the customers on Thursday telling them to create new ones. Microsoft agreed to pay Wiz US$40 000 for finding the flaw and reporting it, according to an e-mail it sent to Wiz.

    We have no indication that external entities outside the researcher (Wiz) had access to the primary read-write key

    “We fixed this issue immediately to keep our customers safe and protected. We thank the security researchers for working under coordinated vulnerability disclosure,” Microsoft said.

    Microsoft’s e-mail to customers said there was no evidence the flaw had been exploited. “We have no indication that external entities outside the researcher (Wiz) had access to the primary read-write key,” the e-mail said.

    ‘Worst vulnerability’

    “This is the worst cloud vulnerability you can imagine. It is a long-lasting secret,” Luttwak said. “This is the central database of Azure, and we were able to get access to any customer database that we wanted.”

    Luttwak’s team found the problem, dubbed ChaosDB, on 9 August and notified Microsoft on 12 August, Luttwak said.

    The flaw was in a visualisation tool called Jupyter Notebook, which has been available for years but was enabled by default in Cosmos beginning in February. After Reuters reported on the flaw, Wiz detailed the issue  in a blog post.

    Luttwak said even customers who have not been notified by Microsoft could have had their keys swiped by attackers, giving them access until those keys are changed. Microsoft only told customers whose keys were visible this month, when Wiz was working on the issue.

    Microsoft said that “customers who may have been impacted received a notification from us”, without elaborating.  — Reported by Joseph Menn, (c) 2021 Reuters



    Ami Luttwak Microsoft top
    Subscribe to TechCentral Subscribe to TechCentral
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleDriving licence grace period extended to next year
    Next Article Pinnacle’s Nyeleti Shikwambane on being a female leader in IT

    Related Posts

    The future of database management is hybrid. Are you ready?

    6 June 2025

    How AI is rewriting the rules of software development

    4 June 2025

    Silicon slip-ups: the tech industry’s biggest flops

    29 May 2025
    Company News

    Huawei Watch Fit 4 Series: smarter sensors, sharper design, stronger performance

    13 June 2025

    Change Logic and BankservAfrica set new benchmark with PayShap roll-out

    13 June 2025

    SAPHILA 2025 – transcending with purpose, connection and AI-powered vision

    13 June 2025
    Opinion

    Beyond the box: why IT distribution depends on real partnerships

    2 June 2025

    South Africa’s next crisis? Being offline in an AI-driven world

    2 June 2025

    Digital giants boost South African news media – and get blamed for it

    29 May 2025

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2025 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.