Cosmos DB Vulnerability: Error on the Side of Caution

On August 26, Internet security firm, Wiz, announced it had found a security flaw in Microsoft Azure Cosmos DB, a global multi-model NoSQL store used by thousands of enterprises around the world.

The exploit, named “ChaosDB,” allows bad actors to access the primary keys to a Cosmos DB account. The exploit was found in the recently added Jupyter Notebook feature of Cosmos DB.

In response to this threat, Microsoft immediately disabled this feature for a full security audit.

Our Recommendation

OneNeck recommends everyone who has implemented a Cosmos DB account immediately regenerate the primary and secondary access keys. This will ensure continued data privacy.  While Microsoft doesn’t believe any customer data has been leaked, but your keys should immediately be regenerated to be safe.

If you have any questions regarding this vulnerability, we are here to help. Don’t hesitate to reach out.

Keep Moving Forward. We Have Your Back.