Microsoft had to warn thousands of business users on Thursday about its cloud service, a breach that could make their data more vulnerable. The quake came as the group announced it would invest $ 20 billion in cybersecurity over five years.
“Imagine being able to have full access to the accounts and databases of thousands of Microsoft Azure customers, including large corporations,” said engineers at the faulty cybersecurity company Viz. Two weeks ago.
Microsoft responded that “we immediately repaired the system to ensure the safety and security of our customers”, which also confirmed that it had alerted the affected companies. First, according to the IT giant, the bug was not exploited by malicious actors.
According to Wiz, Microsoft actually deactivated the faulty system quickly, then “more than 30% of Cosmos DB’s customers were informed”, the cloud, that they had to change their access keys.
The bug was exploited for months
Relevant customers are still at risk and others are even more concerned than those who have already been warned, because “this error has been exploited for at least several months and even years,” the researchers explained.
Microsoft is the second largest cloud group in the world, after Amazon. The sector, which has been growing strongly over the years, has attracted more customers during the Kovid-19 epidemic with the need for digital services ranging from televerking explosion and entertainment to online consumption.
“Companies like Coca-Cola and ExxonMobil use Cosmos DB to handle huge amounts of data in real time in the world,” Wiz said. The cloud is used to store data, but also to analyze and process it, from orders to suppliers to transactions with customers.
20 billion invested in cyber security
The news fell badly for Microsoft, whose mailbox servers were affected by a massive cyber attack in the United States in late 2020. During a meeting of digital giants around the American president, the American giant promised Joe Biden this week that he would invest $ 20 billion over five years in cybersecurity.
As cyber attacks multiply against private computers, administrations and businesses, Microsoft, by default, wants to accelerate its efforts on security, a concept that has long been suggested by cybersecurity experts. In concrete, the user benefits from the parameters that best ensure his safety, even if his experience is less pleasant, without doing anything.
Boi Awake afp et cf