Up to 38TB of sensitive company information was accidentally leaked by Microsoft AI staffers due to a misconfigured Azure SAS token, according to new

Microsoft mishap leaves 38TB of private data exposed for three years

submited by
Style Pass
2023-09-19 21:00:05

Up to 38TB of sensitive company information was accidentally leaked by Microsoft AI staffers due to a misconfigured Azure SAS token, according to new research. 

Analysis from researchers at cloud security firm Wiz found that Microsoft’s AI research team uploaded an overly permissive URL to its GitHub repository which directed anyone to access the trove of what should be private data.

Data exposed in the mishap included full backups of two employee work devices, both of which contained data including passwords to Microsoft services, private keys, and records of more than 30,000 internal Microsoft Teams messages. 

As part of its activity on the platform, Microsoft’s AI research team regularly provides links to open source training data for the community to use, but the link in question led to an Azure Storage bucket which was misconfigured, allowing access to more private data.

Researchers at the tech giant were found to have shared files using Azure Shared Access Signature (SAS) tokens, which enable users to access and share data from the service’s storage accounts. 

Leave a Comment