Microsoft leaks 38TB of private data

I

Ink

Administrator
Thread author
Verified
Jan 8, 2011
22,318
2
55,055
8,379
Content source
https://www.bleepingcomputer.com/news/microsoft/microsoft-leaks-38tb-of-private-data-via-unsecured-azure-storage/
The Microsoft AI research division accidentally leaked dozens of terabytes of sensitive data starting in July 2020 while contributing open-source AI learning models to a public GitHub repository.

Almost three years later, this was discovered by cloud security firm Wiz whose security researchers found that a Microsoft employee inadvertently shared the URL for a misconfigured Azure Blob storage bucket containing the leaked information.
Click to expand...
The Wiz Research Team found that besides the open-source models, the internal storage account also inadvertently allowed access to 38TB worth of additional private data.

The exposed data included backups of personal information belonging to Microsoft employees, including passwords for Microsoft services, secret keys, and an archive of over 30,000 internal Microsoft Teams messages originating from 359 Microsoft employees.

In an advisory on Monday by the Microsoft Security Response Center (MSRC) team, Microsoft said that no customer data was exposed, and no other internal services faced jeopardy due to this incident.

Wiz reported the incident to MSRC on June 22nd, 2023, which revoked the SAS token to block all external access to the Azure storage account, mitigating the issue on June 24th, 2023.
Click to expand...
 
  • Wow
  • Like
  • HaHa
Reactions: Nevi, CyberTech, simmerskool and 14 others
giphy.gif
 
  • Like
  • HaHa
  • Love
Reactions: Nevi, CyberTech, simmerskool and 5 others
As part of the Wiz Research Team’s ongoing work on accidental exposure of cloud-hosted data, the team scanned the internet for misconfigured storage containers. In this process, we found a GitHub repository under the Microsoft organization named . The repository belongs to Microsoft’s AI research division, and its purpose is to provide open-source code and AI models for image recognition. Readers of the repository were instructed to download the models from an Azure Storage
Click to expand...
www.wiz.io

38TB of data accidentally exposed by Microsoft AI researchers | Wiz Blog

Wiz Research found a data exposure incident on Microsoft’s AI GitHub repository, including over 30,000 internal Microsoft Teams messages – all caused by one misconfigured SAS token
www.wiz.io www.wiz.io
 
  • Like
  • +Reputation
Reactions: Nevi, simmerskool, oldschool and 6 others
TairikuOkami said:
Darn it, I knew that I should not have shared my sleep schedule with MS. That explains why my castle in Stronghold Online was taken over twice during that time, while I was asleep. :(
Click to expand...

What are you talking about, I'm still trying to perfect my Asteroid and Space Invader skills 😅

malwaretips.com

Technology News - Atari 2600+

It's time to dust off your old Atari cartridges as the company again tries to tap into gaming nostalgia with an updated version of its iconic Atari 2600. The upcoming Plus model has the same look as the 80s classic, and will ship with a 10-in-1 cartridge but also supports legacy 2600 and 7800...
malwaretips.com malwaretips.com
 
  • Like
  • HaHa
  • Love
Reactions: Marko :), vtqhtr413, Nevi and 3 others
You must log in or register to reply here.

You may also like...