Wiz says that this occurred as a result of an Azure feature called Shared Access Signature (SAS) tokens, which is “a signed URL that grants access to Azure Storage data.”
The URL gave full access to read and write all data in the Azure Storage. This is so obvious a security hole. This “feature” should never be. If you are going to use signed urls, then implement them so that they expire after 24 hours or something.