Microsoft leaks 38TB of private data

Ink

Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Content source
https://www.bleepingcomputer.com/news/microsoft/microsoft-leaks-38tb-of-private-data-via-unsecured-azure-storage/
The Microsoft AI research division accidentally leaked dozens of terabytes of sensitive data starting in July 2020 while contributing open-source AI learning models to a public GitHub repository.

Almost three years later, this was discovered by cloud security firm Wiz whose security researchers found that a Microsoft employee inadvertently shared the URL for a misconfigured Azure Blob storage bucket containing the leaked information.
Click to expand...
The Wiz Research Team found that besides the open-source models, the internal storage account also inadvertently allowed access to 38TB worth of additional private data.

The exposed data included backups of personal information belonging to Microsoft employees, including passwords for Microsoft services, secret keys, and an archive of over 30,000 internal Microsoft Teams messages originating from 359 Microsoft employees.

In an advisory on Monday by the Microsoft Security Response Center (MSRC) team, Microsoft said that no customer data was exposed, and no other internal services faced jeopardy due to this incident.

Wiz reported the incident to MSRC on June 22nd, 2023, which revoked the SAS token to block all external access to the Azure storage account, mitigating the issue on June 24th, 2023.
Click to expand...
 
  • Wow
  • Like
  • HaHa
Reactions: Nevi, CyberTech, simmerskool and 14 others
Marko :)

Marko :)

Level 20
Verified
Top Poster
Well-known
Aug 12, 2015
967
giphy.gif
 
  • Like
  • HaHa
  • Love
Reactions: Nevi, CyberTech, simmerskool and 5 others
[correlate]

[correlate]

Level 18
Top Poster
Well-known
May 4, 2019
801
As part of the Wiz Research Team’s ongoing work on accidental exposure of cloud-hosted data, the team scanned the internet for misconfigured storage containers. In this process, we found a GitHub repository under the Microsoft organization named . The repository belongs to Microsoft’s AI research division, and its purpose is to provide open-source code and AI models for image recognition. Readers of the repository were instructed to download the models from an Azure Storage
Click to expand...
www.wiz.io

38TB of data accidentally exposed by Microsoft AI researchers | Wiz Blog

Wiz Research found a data exposure incident on Microsoft’s AI GitHub repository, including over 30,000 internal Microsoft Teams messages – all caused by one misconfigured SAS token
www.wiz.io www.wiz.io
 
  • Like
  • +Reputation
Reactions: Nevi, simmerskool, oldschool and 6 others
Jonny Quest

Jonny Quest

Level 16
Verified
Top Poster
Well-known
Mar 2, 2023
794
TairikuOkami said:
Darn it, I knew that I should not have shared my sleep schedule with MS. That explains why my castle in Stronghold Online was taken over twice during that time, while I was asleep. :(
Click to expand...

What are you talking about, I'm still trying to perfect my Asteroid and Space Invader skills 😅

malwaretips.com

Technology News - Atari 2600+

It's time to dust off your old Atari cartridges as the company again tries to tap into gaming nostalgia with an updated version of its iconic Atari 2600. The upcoming Plus model has the same look as the 80s classic, and will ship with a 10-in-1 cartridge but also supports legacy 2600 and 7800...
malwaretips.com malwaretips.com
 
  • Like
  • HaHa
  • Love
Reactions: Marko :), vtqhtr413, Nevi and 3 others
You must log in or register to reply here.

Similar threads

F
    • Wow
    • HaHa
Security News Microsoft employees exposed internal passwords in security lapse
Replies
3
Views
1,440
Security News
Freki123
F
Ink
    • Like
    • Thanks
Changes to Microsoft Services Agreements; Limits use of AI Services (From September 30, 2023)
Replies
0
Views
1,504
News Archive
Ink
Ink
[correlate]
    • Like
    • +Reputation
    • Wow
Compromised Microsoft Key: More Impactful Than We Thought
Replies
0
Views
1,318
News Archive
[correlate]
[correlate]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top