Potential Microsoft Azure Data Breach Cosmos DB

The news coming out now is the potential Microsoft Azure data breach Cosmos DB. The security research organization Wiz found this breach on 9 August and reported it to Microsoft on 12 August. The Wiz team named the vulnerability #ChaosDB.

Azure Cosmos DB is a fully managed NoSQL, relational, and vector database that offers single-digit millisecond response times, automatic scalability, and enterprise-grade security.

It’s interesting to hear that Wiz’s Chief Technology Officer, Ami Luttwak, is a former chief technology officer at Microsoft’s Cloud Security Group.

Microsoft agreed to pay $40,000 to find the flaw and report this #ChaosDB vulnerability. Potential Microsoft Azure Data Breach Cosmos DB

Patch My PC

Potential Microsoft Azure Data Breach Cosmos DB

The #ChaosDB is impacting the Cosmos DB of Azure customers without the need for credentials. It is reported that the Microsoft team disabled the vulnerable notebook feature within 48 hours of Wiz reporting it. As per Wiz, this vulnerability has two parts.

  • Stealing primary keys of Cosmos DB customers
  • Accessing customer data in Cosmos DB
Potential Microsoft Azure Data Breach Cosmos DB - Fig.1
Potential Microsoft Azure Data Breach Cosmos DB – Fig.1

Are You Impacted by the Azure Cosmos DB Data Breach?

As per Wiz’s blog post, every Cosmos DB account that uses the notebook feature created after February 2021 is potentially exposed.

Adaptiva

How to Fix Microsoft Azure Data Breach with Cosmos DB

As per the reports, the impacted organizations can follow the steps mentioned in the Microsoft documentation. You will have to secure access to data in Azure Cosmos DB.

We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.

Author

Anoop C Nair has been Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.