Home » Technology

Microsoft employees accidentally expose 38TB of internal data; company respond

Microsoft's AI analysis workforce by accident uncovered 38 terabytes of personal knowledge, together with delicate data like secrets and techniques,
Technology

Microsoft’s AI analysis workforce by accident uncovered 38 terabytes of personal knowledge, together with delicate data like secrets and techniques, non-public keys, passwords, and over 30,000 inner Microsoft Teams messages whereas sharing open-source coaching knowledge on GitHub, in keeping with cloud safety firm Wiz.

Microsoft stated no buyer knowledge was uncovered.

The publicity occurred as a result of the researchers used an Azure characteristic known as Shared Access Signature (SAS) tokens to share their recordsdata, however the entry degree was configured incorrectly. Instead of limiting entry to particular recordsdata, the hyperlink shared all the storage account, together with the extra 38TB of personal knowledge, the report stated.

Additionally, the token was misconfigured to permit “full control” permissions, thus “not only could an attacker view all the files in the storage account, but they could delete and overwrite existing files as well.”

Microsoft’s reply

Wiz reported its findings to Microsoft on June 22, main Microsoft to revoke the SAS token on June 24.

Microsoft accomplished its investigation and stated that no buyer knowledge or different Microsoft companies have been in danger because of this difficulty. Furthermore, it stated that clients needn’t take any extra motion for safety.

“No customer data was exposed, and no other internal services were put at risk because of this issue. No customer action is required in response to this issue,” it stated in a press release.

The tech large defined that the issue stemmed from a Microsoft researcher inadvertently together with the SAS token in a public GitHub repository whereas contributing to open-source AI studying fashions. Microsoft clarified that there was no safety difficulty or vulnerability inside Azure Storage or the SAS token characteristic.

To stop such incidents, Microsoft stated, it encourages customers to create and deal with SAS tokens appropriately and observe finest practices. It stated additionally it is actively enhancing its detection and scanning instruments to establish circumstances of over-provisioned SAS URLs and improve their secure-by-default posture.

  • ABOUT THE AUTHOR

    Follow the newest breaking news and developments from India and world wide with Hindustan Times’ newsdesk. From politics and insurance policies to the financial system and the setting, from native points to nationwide occasions and international affairs, we have you coated. …view element

Source: www.hindustantimes.com

0
Like this post? Please share to your friends:
Related articles
Technology 0
WhatsApp Outage Affects Web and Mobile Users In India For More Than 1 Hour: WhatsApp Responds – News18
Last Updated: April 04, 2024, 02:02 IST WhatsApp customers unable to entry their account
Technology 0
Cyber Attack, Data Breach Among Top Risks For Businesses In India: Survey
Global skilled companies agency Aon collected inputs from round 3,000 danger managers, c-suite leaders,
Technology 0
Tech Talk: Un-Masking Facial Recognition Challenges In Wake of Bengaluru Cafe Blast Probe – News18
Photos of the Bengaluru blast suspect launched by the NIA.
Technology 0
OTT platforms ban: These 18 OTT platforms taken down over vulgar content. Check complete list here
OTT Platforms Ban: Union I&B minister Anurag Thakur stated that eighteen OTT platforms have
Technology 0
ASUS Zenbook S 13 OLED, Vivobook 15 Laptops With Windows 11 OS Launched In India; Check Price, Specs And Availability
The Zenbook S 13 OLED laptop computer is produced from recycled metallic and plastics
Technology 0
Xiaomi 14 Brings Flagship Hardware And Leica Cameras To The Party – News18
Last Updated: March 13, 2024, 09:30 IST