Microsoft says cyberattack triggered Azure outage that impacted Outlook, Starbucks app, and more
Microsoft says cyberattack triggered Azure outage that impacted Outlook, Starbucks app, and more
Microsoft Azure confirmed the attack in a status update—and said an error in the platform’s defense response may have ‘amplified the impact’ rather than initially mitigating it.
A global Microsoft Azure outage that impacted a range of services for consumers Tuesday — from reports of stalling Outlook emails to trouble ordering on Starbucks’ mobile app — was triggered by a distributed denial of service cyberattack, according to the tech giant.
Microsoft Azure, a cloud computing platform used by companies and organizations worldwide, confirmed the attack in a status update — and said an error in the platform’s defense response may have “amplified the impact” rather than initially mitigating it.
As a result, systems temporarily went down for select Azure, Microsoft 365 and Purview customers. The company’s update noted that connectively issues for “a subset” of Microsoft services began at around 11:45 a.m. UTC (7:45 a.m. EST) Tuesday and lasted nearly eight hours.
“We apologize for any inconvenience this may have caused,” Azure Support wrote on social media platform X Wednesday morning.
Outage reports were somewhat scattered Tuesday — with a handful of companies and services seeing user complaints that numbered in the hundreds or low thousands on outage tracker Downdetector. But there appeared to be a range in reach. Issues were reported by Minecraft video game players, Dutch football club FC Twente, the U.K. government’s HM Courts and Tribunals Service and more. Many found workarounds or said that services were restored in a matter of hours.
Some Starbucks customers, who were also among those impacted, were “briefly unable to access the mobile order and pay feature in the Starbucks app due to a third-party system outage” on Tuesday, company spokesperson Jaci Anderson told The Associated Press — but by early afternoon, that had largely been restored.
The AP reached out to Microsoft for further statement about the incident and its impacts Wednesday. According to Azure’s status report, the company plans to publish a preliminary post-incident report within 72 hours.
Tuesday’s Azure troubles arrived less than two weeks after millions of Windows-powered computers worldwide were disrupted by a faulty software update by cybersecurity firm CrowdStrike.
And Microsoft itself is already under the microscope for cybersecurity practices. In April, a federal cybersecurity review board issued a report alleging that a “cascade of errors” by the Redmond, Washington-based tech giant let state-backed Chinese cyber operators break into email accounts of senior U.S. officials.
The report described shoddy cybersecurity practices, a lax corporate culture and a lack of sincerity about the company’s knowledge of the targeted breach, which affected multiple U.S. agencies that deal with China.
It concluded that “Microsoft’s security culture was inadequate and requires an overhaul” given the company’s ubiquity and critical role in the global technology ecosystem.
Microsoft CEO Satya Nadella repeatedly described cybersecurity as a top priority for the company on an earnings call Tuesday.
—Wyatte Grantham-Philips, Associated Press business writer
Matt O’Brien and Dee-Ann Durbin, AP writers, contributed to this report.
(15)