Cyberattacks and incidences of compromise on crucial user information is doing rounds lately, allowing companies to take up strong measures in this regard. Recently, researchers at a cloud security company, Wiz, discovered a major flaw in the main database in Microsoft’s Azure Cloud platform.
It has been reported that the researchers might have gained unauthorized access to the primary digital credentials for most of the Azure Cosmos DB users, enabling them to change, steal, or delete millions of critical and important records. However, the company has urged all the Cosmos DB users to change their digital access keys to avoid the compromise to essential data in the near future.
Microsoft has apparently noted that there was no evidence found of any malicious activity to get into the customer data. It was mentioned by the company that the investigation by the team showed no unauthorized access other than the researchers activity.
Speculations have it that notifications have been sent to all the users that could have been affected by the research activity, recommending them to regenerate the digital keys. Moreover, CISA, US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, strongly prompts Azure Cosmos DB clients to roll their certificate key to keep away for potential data theft.
A spokesman related to Microsoft, Ross Richendrfer, addressed to the situation, citing that the team has expanded its search beyond the researcher’s activities to look out for all possible activity for current and similar events in the past.
Meanwhile, Mr Sagi Tzadik, one of the lead researchers on the project at Wiz, exclaimed that the team hopes that no one besides the researchers working on the project found the bug, leaving the platform highly vulnerable to identity thefts.
Unauthorized access or break-in into some of the secure digital networks in not a new thing. However, the recent incidence of Microsoft Azure Cosmos has laid immense focus on re-structuring the digital security keys for different platforms to reduce the occurrence of similar incidences.
Source Credit: https://www.straitstimes.com/world/united-states/researchers-cyber-security-agency-urge-action-by-microsoft-cloud-database-users