Microsoft (NASDAQ:MSFT) has issued a new warning to thousands of its cloud computing customers that hackers could have the ability to read, change or even delete their main databases.
The Reuters news agency is reporting that Microsoft has experienced a vulnerability in Azure’s flagship Cosmos DB database. A research team at security company Wiz discovered it was able to access keys that control access to databases held by thousands of companies around the world.
Because Microsoft cannot change those keys by itself, it emailed the customers telling them to create new ones. Microsoft’s email to customers said there was no evidence the flaw had been exploited.
The latest vulnerability comes after months of bad security news for Microsoft. The company was breached by the same hackers that infiltrated SolarWinds, and they stole Microsoft’s source code. Then several hackers broke into Exchange email servers while a patch was being developed.
Problems with Microsoft’s Azure cloud computing platform are especially troubling, because the company and security experts have been pushing customers to abandon most of their own infrastructure and rely on the cloud for heightened security.
Although cloud computing attacks are rare, they can be more devastating when they do occur. A federally contracted research lab tracks all known security flaws in software and rates them by severity. But there is no equivalent system for holes in cloud architecture, so many critical vulnerabilities remain undisclosed to users.