Microsoft says that a cyberattack triggered the hours-long outage impacting Azure customers
NEW YORK (AP) — A global Microsoft Azure outage that impacted a range of services for consumers Tuesday — from reports of stalling Outlook emails to trouble ordering on Starbucks’ mobile app — was triggered by a distributed denial of service cyberattack, according to the tech giant.
Microsoft Azure, a cloud computing platform used by companies and organizations worldwide, confirmed the attack in an update — and said that an initial error in the platform’s defense response may have “amplified the impact” rather than mitigating it.
As a result, systems temporarily went down for select Azure, Microsoft 365 and Purview customers. The company’s update noted that connectively issues for “a subset” of Microsoft services began at around 11:45 a.m. UTC (7:45 a.m. EST) Tuesday and lasted nearly eight hours.
“We apologize for any inconvenience this may have caused,” Azure Support wrote on social media platform X Wednesday morning.
Outage reports were somewhat scattered Tuesday — with a handful of companies and services seeing user complaints that numbered in the hundreds or low thousands on outage tracker Downdetector. But there appeared to be a range in reach. Issues were reported by Minecraft video game players, Dutch football club FC Twente, the U.K. government’s HM Courts and Tribunals Service and more. Many found workarounds or said that services were restored in a matter of hours.
Some Starbucks customers, who were also among those impacted, were “briefly unable to access the mobile order and pay feature in the Starbucks app due to a third-party system outage” on Tuesday, company spokesperson Jaci Anderson told The Associated Press — but by early afternoon, that had largely been restored.
In a statement sent to the AP Wednesday, Microsoft confirmed that the service interruption was “fully resolved” and pointed to Azure’s status page for more details. According to Azure’s mitigation update, the company plans to publish a preliminary post-incident report within 72 hours.
Tuesday’s Azure troubles arrived less than two weeks after millions of Windows-powered computers worldwide were disrupted by a faulty software update by cybersecurity firm CrowdStrike.
And Microsoft itself is already under the microscope for cybersecurity practices. In April, a federal cybersecurity review board issued a report alleging that a “cascade of errors” by the Redmond, Washington-based tech giant let state-backed Chinese cyber operators break into email accounts of senior U.S. officials.
The report described shoddy cybersecurity practices, a lax corporate culture and a lack of sincerity about the company’s knowledge of the targeted breach, which affected multiple U.S. agencies that deal with China.
It concluded that “Microsoft’s security culture was inadequate and requires an overhaul” given the company’s ubiquity and critical role in the global technology ecosystem.
Microsoft CEO Satya Nadella repeatedly described cybersecurity as a top priority for the company on an earnings call Tuesday.
___________
AP Reporters Matt O’Brien in Providence, Rhode Island, and Dee-Ann Durbin in Detroit contributed to this report.
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed. AP