This article contains information related to Azure Key Leakage - Storm-0558. As described by the press and Microsoft, through a leaked OpenID signing key, it was possible for hackers to steal customer data of "approximately 25 organizations, including government agencies and related consumer accounts in the public cloud." Microsoft assures that no other customers are affected. Due to the severity of the incident and the possibility that this vulnerability affected other Azure customers, we decided to start our own investigations in the Azure services used by Nexus.
The impact is being investigated by Nexus, but at this moment we have not found any irregularities. Also, as stated in Microsoft's blog, they have already contacted all affected customers; Nexus not being one of them.
Further information will be available when the analysis is complete.