Microsoft has announced that it has corrected a security flaw affecting its Cosmos DB database service, one of the major tools in its cloud computing system for businesses, Windows Azure. The flaw, which potentially allowed access to data from ” several thousands “ customers, including very large companies, appear not to have been exploited by potential hackers, Microsoft says.
The flaw was discovered by cybersecurity firm Wiz, whose technical team is led by a former Microsoft security manager. “We immediately corrected the problem to keep our customers safe. We thank the computer security researchers for reporting this flaw to us, ”Microsoft told Reuters. The company also paid $ 40,000 (34,000 euros) to Wiz as part of its loophole discovery rewards program.
The fault has allowed Wiz researchers access to a master key, which made it possible to consult or modify the data of the service’s customers. Potentially affected customers are encouraged to generate new security keys; Microsoft says it has contacted all customers for whom this procedure is necessary.