Microsoft AI team accidentally leaks 38TB of private company data


AI researchers at Microsoft have made a huge mistake.

According to a new report from cloud security company Wiz, the Microsoft AI research team accidentally leaked 38TB of the company’s private data.

38 terabytes. That’s a lot of data.

The exposed data included full backups of two employees’ computers. These backups contained sensitive personal data, including passwords to Microsoft services, secret keys, and more than 30,000 internal Microsoft Teams messages from more than 350 Microsoft employees.

So, how did this happen? The report explains that Microsoft’s AI team uploaded a bucket of training data containing open-source code and AI models for image recognition. Users who came across the Github repository were provided with a link from Azure, Microsoft’s cloud storage service, in order to download the models.

One problem: The link that was provided by Microsoft’s AI team gave visitors complete access to the entire Azure storage account. And not only could visitors view everything in the account, they could upload, overwrite, or delete files as well. 

Wiz says that this occurred as a result of an Azure feature called Shared Access Signature (SAS) tokens, which is “a signed URL that grants access to Azure Storage data.” The SAS token could have been set up with limitations to what file or files could be accessed. However, this particular link was configured with full access.

Adding to the potential issues, according to Wiz, is that it appears that this data has been exposed since 2020.

Wiz contacted Microsoft earlier this year, on June 22, to warn them about their discovery. Two days later, Microsoft invalidated the SAS token, closing up the issue. Microsoft carried out and completed an investigation into the potential impacts in August.

Microsoft provided TechCrunch with a statement, claiming “no customer data was exposed, and no other internal services were put at risk because of this issue.”





Source link: https://mashable.com/article/microsoft-ai-researchers-leaked-private-data-azure-link-github

Sponsors

spot_img

Latest

Alexander Bublik confesses shocking reason for just leaving court in 2022 Monte Carlo

Alexander Bublik confesses shocking reason for just leaving court in 2022 Monte Carlo © Getty Images Sport - Julian Finney Alexander Bublik has revealed...

Twitter engineers can still use ‘GodMode’ to tweet as any account, claims whistleblower

Twitter has a new whistleblower, as another former employee has sounded the alarm about security issues, according to The Washington Post. The new...

Premier League’s bottom side stun Pep Guardiola’s men through Sekou Mara and Moussa Djenepo, Kevin De Bruyne on for the visitors

Manchester City will look to continue marching towards reclaiming the Carabao Cup when they face Southampton in the quarter-finals tonight. Pep Guardiola’s side enjoyed...

Conor McGregor heaps praise on Ultimate Fighter contestant following bloodbath semi-final with teammate Brad Katona

Conor McGregor is starting to enjoy his latest Ultimate Fighter stint. ‘Notorious’ loved starring on the MMA reality TV show in 2015, but things...

Clippers coach Tyronn Lue fined $35,000 for saying officials at Golden State were ‘cheating’

LOS ANGELES (AP) — Los Angeles Clippers coach Tyronn Lue has been fined $35,000 for publicly criticizing game officials and questioning their integrity.The...