Microsoft made the grave error of accidentally leaking sensitive data. This is what happened next
Microsoft data leak
AI researchers at Microsoft have committed a grave error, as revealed in a recent report by cloud security company Wiz. The Microsoft AI research team inadvertently disclosed a massive38 terabytes of the company's confidential data.
Among the exposed data were complete backups of two employees' computers, housing sensitive personal information such as passwords for Microsoft services, secret keys, and over 30,000 internal Microsoft Teams messages from more than 350 Microsoft employees, reported Mashable.
So, how did thisincident occur?
According to the report, the Microsoft AI team uploaded a repository of training data containing open-source code and AI models designed for image recognition. Users stumbling upon this Github repository acquireda link from Azure, Microsoft's cloud storage service, enabling them to download these models.
However, a critical flaw cropped up:the link provided by Microsoft's AI team granted visitors unrestricted access to the entire Azure storage account. This meant that visitors not only had the ability to browse through all the contentwithin the account but also had the power to upload, overwrite, or delete files at their discretion.
)
Was Jeffrey Epstein really involved in cannibalism? Here's what DOJ files reveal
&im=FitAndFill=(700,400))
What is 'Condition Red' & why USS Abraham Lincoln's crew is running 24x7
&im=FitAndFill=(700,400))
Target locked? How satellites can help the USS Abraham Lincoln set its primary targets in Iran
&im=FitAndFill=(700,400))
'US vs Iran’: What can be the reason Iran is not afraid of USS Abraham Lincoln?
&im=FitAndFill=(700,400))
How B-2 bomber pilots can eject themselves in an emergency
&im=FitAndFill=(700,400))
Epstein files released: DOJ reveals disturbing photo of Bill Clinton in pool with Ghislaine Maxwell & a mystery woman
&im=FitAndFill=(700,400))
Which is the US’s largest and most expensive helicopter?
&im=FitAndFill=(700,400))
What was the maximum speed of the Iranian drone shot down by the USS Abraham Lincoln?
Wiz said this vulnerability stemmed from an Azure feature known as Shared Access Signature (SAS) tokens, which essentially offers a signed URL for accessing Azure Storage data. The SAS token could have been configured with specific limitations governing which files could be accessed. The link in question had been configured with full access rights.
Compounding the issue, Wiz noted that this data had seemingly been exposed since 2020. This extended period of exposure significantly amplified the potential risks associated with the breach.
Also watch |Bard Gets Smarter: Google AI Chatbot gets new features
Upon discovering this security lapse, Wiznotified Microsoft on June 22 this year. Microsoft invalidated the SAS token within two days, effectively sealing the vulnerability. Subsequently, Microsoft conducted a comprehensive investigation into the potential repercussions, successfully concluding it by August.
Microsoft has issued a statement to TechCrunch, asserting that "no customer data was exposed, and no other internal services were put at risk because of this issue."
WATCH WION LIVE HERE: