Microsoft Azure cloud vulnerability is the ‘worst you can imagine’

Another day, another major Microsoft vulnerability. | Illustration by Alex Castro / The Verge

Microsoft has warned thousands of its Azure cloud computing customers, including many Fortune 500 companies, about a vulnerability that left their data completely exposed for the last two years.

A flaw in Microsoft’s Azure Cosmos DB database product left more than 3,300 Azure customers open to complete unrestricted access by attackers since 2019 when Microsoft added a data visualization feature called Jupyter Notebook to Cosmos DB. The feature was turned on by default for all Cosmos DBs in February 2021.

A listing of Azure Cosmos DB clients includes companies like Coca Cola, Liberty Mutual Insurance, ExxonMobil, and Walgreens, to name just a few.

We were able to get access to any customer database that we wanted

“This is the worst cloud...