The tech company said on Thursday that intruders could have had the ability to read, change or even delete their customers' databases, though they say the hole has now been patched up.
The vulnerability was a long-standing bug in the flagship database of Microsoft's Azure cloud service called Cosmos DB.
The exploit came to light when a research team at the security company Wiz said it could get access to any company database it wanted.
Microsoft told Reuters, "We fixed this issue immediately to keep our customers safe and protected. We thank the security researchers for working under coordinated vulnerability disclosure..."
While the issue has been fixed - Microsoft is warning the thousands of customers to create new keys to access their databases.
The tech giant has faced other security challenges.
Suspected Russian government backed hackers stole some its source code during the SolarWinds attack.
Then a wide number of hackers broke into Exchange email servers while a patch was being developed.
This week, U.S. President Joe Biden met the executives of Big Tech, including Microsoft's Satya Nadella, and called on them to do more to protect the U.S. economy from cyber attacks.
After the meeting, Microsoft said it would invest $20 billion over five years to speed up its cyber security work.