
Microsoft leaks 38TB of private data via unsecured Azure storage

submitted by
Style Pass
2023-09-19 14:30:10

The Microsoft AI research division accidentally leaked dozens of terabytes of sensitive data starting in July 2020 while contributing open-source AI learning models to a public GitHub repository.

Almost three years later, this was discovered by cloud security firm Wiz, whose security researchers found that a Microsoft employee had inadvertently shared the URL for a misconfigured Azure Blob storage bucket containing the leaked information.

Microsoft linked the data exposure to using an excessively permissive Shared Access Signature (SAS) token, which allowed full control over the shared files. This Azure feature enables data sharing in a manner described by Wiz researchers as challenging to monitor and revoke.

When used correctly, Shared Access Signature (SAS) tokens offer a secure means of granting delegated access to resources within your storage account. 

This includes precise control over the client's data access, specifying the resources they can interact with, defining their permissions concerning these resources, and determining the duration of the SAS token's validity.
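The three controls named above (which resources, which permissions, how long) are all visible in a SAS URL's query string, so a shared link can be audited before it is published. The following is an added example, not code from Microsoft or Wiz: it reads Azure's SAS query parameters (`sp`, `ss`, `srt`, `spr`, `st`, `se`, `sig`) and flags broad tokens. The 7-day lifetime threshold and both sample URLs are assumptions constructed for illustration.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

MODIFY_PERMS = set("acdw")   # add, create, delete, write
MAX_LIFETIME_DAYS = 7        # assumed local policy, not an Azure limit

def _parse_time(value):
    """Parse a SAS st/se value (ISO 8601 UTC, date-only allowed)."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def audit_sas_url(url, now=None, max_days=MAX_LIFETIME_DAYS):
    """Return a list of findings for the SAS token carried in `url`."""
    now = now or datetime.now(timezone.utc)
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q:
        return ["no SAS token in URL"]
    findings = []
    risky = sorted(set(q.get("sp", "")) & MODIFY_PERMS)
    if risky:
        findings.append("permissions allow modification: " + "".join(risky))
    if "ss" in q or "srt" in q:
        findings.append("account SAS: scoped to the account, not one container or blob")
    if q.get("spr", "https,http") != "https":
        findings.append("plain HTTP allowed")
    if "se" not in q:
        findings.append("no expiry in token: validity depends on a stored access policy")
    else:
        expiry = _parse_time(q["se"])
        start = _parse_time(q["st"]) if "st" in q else now
        if expiry <= now:
            findings.append("token already expired")
        elif (expiry - start).days > max_days:
            findings.append(f"lifetime {(expiry - start).days} days exceeds {max_days}")
    return findings

# Constructed sample URLs (account name, dates and signature are made up).
BROAD = ("https://exampleaccount.blob.core.windows.net/models?sv=2020-08-04"
         "&ss=b&srt=sco&sp=rwdlac&st=2023-01-01T00:00:00Z"
         "&se=2040-01-01T00:00:00Z&sig=CONSTRUCTED")
NARROW = ("https://exampleaccount.blob.core.windows.net/models/weights.bin"
          "?sv=2020-08-04&sr=b&sp=r&st=2023-01-01T00:00:00Z"
          "&se=2023-01-02T00:00:00Z&spr=https&sig=CONSTRUCTED")

if __name__ == "__main__":
    for name, url in (("broad", BROAD), ("narrow", NARROW)):
        print(name, audit_sas_url(url))
```

A check like this fits in a pre-commit hook or repository scan, since the token travels inside the URL wherever the link is pasted.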
