Microsoft has warned thousands of its Azure cloud computing customers, including many Fortune 500 companies, about a vulnerability that left their data completely exposed for the last two years.
A flaw in Microsoft’s Azure Cosmos DB database product left more than 3,300 Azure customers open to complete unrestricted access by attackers since 2019 when Microsoft added a data visualization feature called Jupyter Notebook to Cosmos DB. The feature was turned on by default for all Cosmos DBs in February 2021.
A listing of Azure Cosmos DB clients includes companies like Coca Cola, Liberty Mutual Insurance, ExxonMobil, and Walgreens, to name just a few.
We were able to get access to any customer database that we wanted
“This is the worst cloud…