The exploit, named “ChaosDB,” allows bad actors to access the primary keys to a Cosmos DB account. The exploit was found in the recently added Jupyter Notebook feature of Cosmos DB.
In response to this threat, Microsoft immediately disabled this feature for a full security audit.
OneNeck recommends everyone who has implemented a Cosmos DB account immediately regenerate the primary and secondary access keys. This will ensure continued data privacy. While Microsoft doesn’t believe any customer data has been leaked, but your keys should immediately be regenerated to be safe.
If you have any questions regarding this vulnerability, we are here to help. Don’t hesitate to reach out.
Keep Moving Forward. We Have Your Back.