A vulnerability in Cosmos DB reportedly endangered the data of thousands of companies that use Microsoft’s cloud platform.
Researchers at cloud security firm Wiz have revealed a vulnerability that can be exploited to give attackers unfettered access to Microsoft Azure Cosmos DB instances. They dubbed the vulnerability ChaosDB, and it may have exposed thousands of companies’ data dating back to 2019. And they aren’t no-name companies: Microsoft says on the Cosmos DB website that its database service is used by Fortune 500 companies like Coca-Cola, Exxon Mobil, and Liberty Mutual. Wiz says ChaosDB was introduced when Microsoft added support for Jupyter Notebook, a service used to create interactive documents that are popular among data scientists, to Cosmos DB in 2019. The feature was then enabled by default for all Cosmos DB customers in February.
