Microsoft has issued a warning to thousands of its cloud computing customers that a vulnerability makes it possible for other people to read, change, or delete their main databases. The vulnerability is in Microsoft Azure's flagship Cosmos DB database.
Note: Tech Impact’s Managed Services clients do not use this particular Azure Database service and are unaffected by this issue.
According to Reuters (https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26/), the issue was discovered by a private security research team that managed to read the access keys to thousands of databases held by other companies. Because Microsoft cannot change those keys, it alerted customers Thursday and asked them to do so immediately.
Microsoft has stated that there was no evidence the flaw had been exploited by anyone other than the private security company that discovered it.