Microsoft AI team accidentally leaks 38TB of private company data

September 18, 2023 at 21:30

The Microsoft AI research team inadvertently shared a link that gave visitors full permissions to 38TB of private company data.
Credit: Omar Marques/SOPA Images/LightRocket via Getty ImagesAI researchers at Microsoft have made a huge mistake.
According to a new report from cloud security company Wiz, the Microsoft AI research team accidentally leaked 38TB of the company's private data.
These backups contained sensitive personal data, including passwords to Microsoft services, secret keys, and more than 30,000 internal Microsoft Teams messages from more than 350 Microsoft employees.
The report explains that Microsoft's AI team uploaded a bucket of training data containing open-source code and AI models for image recognition.
Users who came across the Github repository were provided with a link from Azure, Microsoft's cloud storage service, in order to download the models.
One problem: The link that was provided by Microsoft's AI team gave visitors complete access to the entire Azure storage account.
Wiz says that this occurred as a result of an Azure feature called Shared Access Signature (SAS) tokens, which is "a signed URL that grants access to Azure Storage data."
Adding to the potential issues, according to Wiz, is that it appears that this data has been exposed since 2020.
Two days later, Microsoft invalidated the SAS token, closing up the issue.
Microsoft carried out and completed an investigation into the potential impacts in August.
Microsoft provided TechCrunch with a statement , claiming “no customer data was exposed, and no other internal services were put at risk because of this issue.”