For the past couple of months, a Blob Storage Account on my personal Subscription has been hit with transactions that aren't mine, around 300K GetBlobProperties per time. Usually, they're every seven hours, but they occasionally stop for a couple of days at a time, and have recently stopped for seven days, but they've started again. It's a small, mostly Archive Storage Account with 1.5 TB and around 300K blobs. I've tried everything that I can think of to stop these transactions, as they're definintely unwanted (and costing me a comparatively lot of money):
- Renew the Storage Keys (and haven't given them to anything)
- Limited access to specific subnets (and then didn't configure any)
- Disabled access even to Azure exception services
The Storage Account is the target of my laptop's backup job (MSP360), but that laptop hasn't been on in months, so can't be the source.
I don't have any VMs or any other resources, and I don't have any special tracking configured (to the best of my knowledge). My reading of the logs (when I enabled them) was that the calls are to .SuccessE2ELatency and .SuccessServerLatency, but I've not found anything online to hint at what it could be. The source IPs were 10.218.0.13,14,15, but those are non-routable so not much help.
Any ideas for tracking down the root cause would be appreciated! I'm relatively new to Azure, but have a general idea about cloud (I've done the Fundamentals course). Could it be another one of my work-linked accounts getting in somehow? I can't see anything in the permissions...