Skip to main content
Skip table of contents

Nexus information on: Azure Key Leakage - Storm-0558

Latest update:

2023-09-12

General information

This article contains information related to Azure Key Leakage - Storm-0558. As described by the press and Microsoft, through a leaked OpenID signing key, it was possible for hackers to steal customer data of "approximately 25 organizations, including government agencies and related consumer accounts in the public cloud." Microsoft assures that no other customers are affected. Due to the severity of the incident and the possibility that this vulnerability affected other Azure customers, we decided to start our own investigations in the Azure services used by Nexus.

Impact

The impact is being investigated by Nexus, but at this moment we have not found any irregularities. Also, as stated in Microsoft's blog, they have already contacted all affected customers; Nexus not being one of them.

Further information

Further information will be available when the analysis is complete.

Official Microsoft information

Analysis of Storm-0558 techniques for unauthorized email access


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close