Microsoft says DDOS cyber attack triggered Azure outage
A global Microsoft Azure outage that affected a range of services for consumers – from reports of stalling Outlook emails to trouble ordering on Starbucks’ mobile app – was triggered by a distributed denial of service cyber attack, according to the tech giant.
Microsoft Azure, a cloud computing platform used by companies and organisations worldwide, confirmed the attack in a status update – and said an error in the platform’s defence response may have “amplified the impact” rather than initially mitigating it.
As a result, systems temporarily went down for select Azure, Microsoft 365 and Purview customers.
The company’s update noted that connectively issues for “a subset” of Microsoft services began about 11.45am GMT on Tuesday (9.45pm AEST on Tuesday) and lasted nearly eight hours.
“We apologise for any inconvenience this may have caused,” Azure Support wrote on social media platform X on Wednesday morning.
Outage reports were somewhat scattered on Tuesday – with a handful of companies and services registering user complaints that numbered in the hundreds or low thousands on outage tracker Downdetector.
But there appeared to be a range in reach.
Issues were reported by Minecraft video game players, Dutch football club FC Twente, the United Kingdom government’s HM Courts and Tribunals Service and more.
Many found workarounds or said that services were restored in a matter of hours.
Some Starbucks customers, who were also among those affected, were “briefly unable to access the mobile order and pay feature in the Starbucks app due to a third-party system outage” on Tuesday, company spokesperson Jaci Anderson told the Associated Press – but by early afternoon, that had largely been restored.
According to Azure’s status report, the company plans to publish a preliminary post-incident report within 72 hours.
Tuesday’s Azure troubles arrived less than two weeks after millions of Windows-powered computers worldwide were disrupted by a faulty software update by cybersecurity firm CrowdStrike.
And Microsoft itself is already under the microscope for cybersecurity practices.
In April, a federal cybersecurity review board issued a report alleging that a “cascade of errors” by Microsoft let state-backed Chinese cyber operators break into email accounts of senior US officials.
The report described shoddy cybersecurity practices, a lax corporate culture and a lack of sincerity about the company’s knowledge of the targeted breach, which affected multiple US agencies that deal with China.
It concluded that “Microsoft’s security culture was inadequate and requires an overhaul” given the company’s ubiquity and critical role in the global technology ecosystem.
Microsoft CEO Satya Nadella repeatedly described cybersecurity as a top priority for the company on an earnings call on Tuesday.
#Microsoft #DDOS #cyber #attack #triggered #Azure #outage