A computer breach discovered on Microsoft's cloud, thousands of companies warned - France 24

San Francisco (AFP)

Microsoft had to warn thousands of business customers of its cloud service (remote computing) on ​​Thursday of a flaw that left their data vulnerable for an extended period.

The problem was discovered two weeks ago by Wiz, a cybersecurity company.

"Imagine our surprise when we managed to gain full access to the accounts and databases of several thousand Microsoft Azure customers, including large companies," the engineers told the firm's blog on Thursday.

"We immediately repaired the system to ensure the safety and protection of our customers," Microsoft responded in response to a request from AFP, also confirming that it had warned potentially affected organizations.

A priori, the flaw has not been exploited by malicious actors, according to the IT giant.

According to Wiz, Microsoft has indeed quickly deactivated the fallible system, then "informed more than 30% of customers of Cosmos DB", the cloud concerned, that they had to change their access keys.

But they are potentially still in danger, and others than those already warned could be concerned too, because "the flaw has been exploitable for at least several months, even years", detail the researchers.

The group is the second largest cloud leader in the world, behind Amazon.

This sector, which has been growing rapidly for years, has conquered even more customers during the pandemic, with the explosion of teleworking and the need for digital services, from entertainment to online consumption.

Companies like Coca-Cola and Exxon-Mobil "use Cosmos DB to manage massive amounts of data in the world in real time," Wiz mentions.

The cloud is used to store data, but also to analyze and process it, from orders to suppliers to transactions with consumers.

"The nightmare of any director of security in a company is that someone gets their access keys and uses them to extract gigabytes of data at once," said the cybersecurity firm.

These incidents "have become common in recent years, and it is alarming," she adds.

The news falls badly for Microsoft, whose mailbox servers were affected at the end of 2020 by a gigantic cyber attack in the United States.

© 2021 AFP