Microsoft AI team accidentally leaks 38TB of private company data

AI researchers at Microsoft have made a huge mistake.

According to a new report from cloud security company Wiz, the Microsoft AI research team accidentally leaked 38TB of the company’s private data.

38 terabytes. That’s a lot of data.

The exposed data included full backups of two employees’ computers. These backups contained sensitive personal data, including passwords to Microsoft services, secret keys, and more than 30,000 internal Microsoft Teams messages from more than 350 Microsoft employees.

So, how did this happen? The report explains that Microsoft’s AI team uploaded a bucket of training data containing open-source code and AI models for image recognition. Users who came across the Github repository were provided with a link from Azure, Microsoft’s cloud storage service, in order to download the models.

One problem: The link that was provided by Microsoft’s AI team gave visitors complete access to the entire Azure storage account. And not only could visitors view everything in the account, they could upload, overwrite, or delete files as well. 

Wiz says that this occurred as a result of an Azure feature called Shared Access Signature (SAS) tokens, which is “a signed URL that grants access to Azure Storage data.” The SAS token could have been set up with limitations to what file or files could be accessed. However, this particular link was configured with full access.

Adding to the potential issues, according to Wiz, is that it appears that this data has been exposed since 2020.

Wiz contacted Microsoft earlier this year, on June 22, to warn them about their discovery. Two days later, Microsoft invalidated the SAS token, closing up the issue. Microsoft carried out and completed an investigation into the potential impacts in August.

Microsoft provided TechCrunch with a statement, claiming “no customer data was exposed, and no other internal services were put at risk because of this issue.”

Source link:




Trump lawyer rejected claim that juror’s political affiliation signified bias

Tacopina was responding to an April 30 motion by the plaintiff, E. Jean Carroll, to disqualify the juror — identified only as “Juror...

Dogecoin Displays Bullish Fractal On Key Support Retest

Dogecoin (DOGE) hovers above critical support at $0.06. Technical charts encounter a rare triple fractal pattern. Key...

Bitcoin Price Spike May Push Rally To This Amount, Top Analyst Predicts

The recent surge in the price of Bitcoin has revived hope in crypto assets. To this point, pseudonymous crypto analyst Cheds stated that a...

NYT ‘Connections’ hints and answers: Tips and tricks to help you with ‘Connections’ #106.

Connections is the latest New York Times word game that's captured the public's attention. The game is all about finding the "common threads...

Immortal X-Men 10 Sets Up Sins of Sinister With Horrifying Twist

A Charles Xavier we might be about to see, because Immortal X-Men #10 saves its greatest spike of dread for its very last...