[Asia Economy Reporter Kim Suhwan] Microsoft (MS)'s cloud database system has reportedly been exposed to potential cyberattacks for over two years, affecting thousands of customers.
On the 27th (local time), Bloomberg News cited research from an Israeli cybersecurity firm, reporting that "a bug was found in MS's cloud service 'Azure,'" and "more than 3,300 customers were exposed to risk. Hackers could have potentially modified or stolen confidential information from these customers."
According to the report, the researchers analyzed that this vulnerability likely originated in mid-2019 when MS deployed a new update.
At that time, MS had released a new feature allowing customers to directly modify their database code to help visualize data.
A researcher involved stated, "If I had been using this cloud database, someone could have accessed my data without my knowledge," adding, "If this vulnerability had not been resolved, such incidents could have actually occurred."
Bloomberg News reported that customers using this database include the U.S. pharmacy chain Walgreens, U.S. oil company ExxonMobil, as well as Coca-Cola and Citrix Systems.
Earlier, a major foreign media outlet reported that MS sent security warnings to customers regarding this vulnerability and urged these companies to take additional security measures, such as creating new digital security keys.
MS stated that the discovered vulnerability has been resolved and "so far, there have been no known hacking attempts exploiting this bug."
MS further added, "There is no confirmed evidence that customer data was leaked due to this vulnerability."
Meanwhile, it was reported that a defect in MS's recently released business software 'MS Power Apps' led to a massive leak of users' names, addresses, phone numbers, and emails.
DPA News reported on the 25th that even health-related information such as COVID-19 contact tracing and vaccination details was leaked.
The cybersecurity company UpGuard, which discovered the defect, informed MS of the risk on June 24, but claimed that MS did not pay proper attention.
UpGuard added that due to a personal information setting error in the problematic software, this massive leak occurred, affecting at least 47 companies and institutions.
Notably, CNN reported that not only private companies but also government agencies using the problematic software had user personal information leaked.
The leaked list included the Maryland Department of Health, New York Metropolitan Transportation Authority, American Airlines, and Ford, with CNN reporting that employees' personal information circulated for several months.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
