Home » Technology » Microsoft » Microsoft Security Researchers Exposed 38TB Of Internal Data Accidentally

Microsoft Security Researchers Exposed 38TB Of Internal Data Accidentally

chronicle

Microsoft is under particular scrutiny when it comes to AI. Now the company’s researchers have made an unpleasant mistake. An unintentional entry in the Microsoft AI repository on GitHub had exposed 38 TB of internal data.

Microsoft accidentally reveals internal data

At regular intervals, Microsoft’s AI research department makes its training data public on GitHub under an open-source license. As security researchers noticed, there was recently an error in this release that was probably caused by careless Microsoft employees.

As WizResearch writes, Microsoft also disclosed a disk backup in the data that contained confidential data, private keys, passwords, and over 30,000 internal Microsoft Teams messages. The data was not directly part of the Github storage; rather, Microsoft employees had “forgotten” their SAS (Shared Access Signature) tokens from the Azure Storage accounts among the data.

The security researchers informed Microsoft of their discovery on June 22nd, triggering an internal investigation. As Microsoft recently announced, this review showed that no customer data was disclosed. Furthermore, no evidence of threats to internal services could be identified. Access that was possible via the tokens was closed on June 24th.

GitHub responds

Microsoft has actually integrated a mechanism into GitHub that is intended to prevent the disclosure of login credentials and other secrets in plain text by scanning submitted open-source code. As the company announces, this detection has now been extended to all SAS tokens “that may have excessive expiry times or permissions.”

Last but not least, the incident is being used as an opportunity to examine all public repositories in Microsoft-owned or affiliated organizations and accounts for the possible disclosure of additional SAS tokens.