Potential Microsoft Azure Data Breach with Cosmos DB

There is news coming out from now is the potential Microsoft Azure data breach with Cosmos DB. The security research organization Wiz found this breach on 9th Aug and reported it to Microsoft on the 12th of Aug. The Wiz team named the vulnerability #ChaosDB.

It’s interesting to hear that Wiz’s Chief Technology Officer, Ami Luttwak, is a former chief technology officer at Microsoft’s Cloud Security Group. It seems Microsoft agreed to pay $40,000 for finding the flaw and reporting this #ChaosDB vulnerability.

ChaosDB – Vulnerability Disabled within 48 Hours

The #ChaosDB is impacting the Cosmos DB of Azure customers without the need for any credentials. It is being reported that the Microsoft team disabled the vulnerable notebook feature within 48 hours after Wiz reported it. As per Wiz, there are two parts to this vulnerability.

  • Stealing primary keys of Cosmos DB customers
  • Accessing customer data in Cosmos DB
Potential Microsoft Azure Data Breach with Cosmos DB
Potential Microsoft Azure Data Breach with Cosmos DB

Are you impacted by Azure Cosmos DB Data breach?

As per Wiz’s blog post, every Cosmos DB account that uses the notebook feature created after February 2021 is potentially exposed.

Patch My PC

How to Fix Microsoft Azure Data Breach with Cosmos DB

As per the reports, the impacted organizations can follow the steps mentioned in the Microsoft documentation. You will have to secure access to data in Azure Cosmos DB.

About Author -> Anoop is Microsoft’s Most Valuable Professional Award winner from 2015 on the technologies! He is a Solution Architect on enterprise device management solutions with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like Configuration Manager, Windows 365 Cloud PC, Intune, Azure Virtual Desktop, Windows 10, and Windows 11.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.