Microsoft AI researchers expose 38TB of confidential data

Occurred: October 2023

Microsoft AI researchers accidentally exposed 38 terabytes of confidential and private information on GitHub, raising questions about the company's security practices. 

Wiz researchers investigating a cloud-hosted data exposure discovered a Microsoft GitHub repository with open-source code for AI image recognition models. The data, some of which had been exposed since July 2020, included backups of two Microsoft employees’ computers, private passwords and passkeys, and more than 30,000 Teams chat messages exchanged by 359 Microsoft employees.

Microsoft linked the data exposure to the use of an excessively permissive Azure Cloud Shared Access Signature (SAS) token. In response, the company expanded GitHub’s secret scanning service, which tracks all public open-source code changes for credentials and other secrets exposed in plaintext.
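As an illustration of what "excessively permissive" means for a SAS token, the following added example (not code from Microsoft, Wiz or GitHub) audits a SAS URL by reading its standard query parameters (`sp`, `se`, `sr`, `srt`, `spr`, `si`, `sig`). The 7-day lifetime threshold, the finding names and both sample URLs are assumptions constructed for this sketch.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

MUTATING = set("acwd")  # add, create, write, delete permission letters

def _parse_time(value):
    # SAS times are ISO 8601 UTC; older Pythons do not accept a trailing "Z".
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def audit_sas(url, now, max_days=7):
    """Return a sorted list of finding codes for one SAS URL."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q:
        return ["not-a-sas"]
    findings = set()
    if "srt" in q:                      # account SAS: spans the storage account
        findings.add("account-wide-scope")
    elif q.get("sr") == "c":            # service SAS on a whole container
        findings.add("container-wide-scope")
    perms = set(q.get("sp", ""))
    if perms & MUTATING:
        findings.add("write-or-delete")
    if "l" in perms:                    # holder can enumerate contents
        findings.add("list")
    if "se" in q:
        if (_parse_time(q["se"]) - now).days > max_days:
            findings.add("long-lived")
    elif "si" not in q:                 # no expiry and no stored access policy
        findings.add("no-expiry")
    # When spr is omitted the service default permits both HTTPS and HTTP.
    if "http" in q.get("spr", "https,http").split(","):
        findings.add("http-allowed")
    return sorted(findings)

# Constructed sample inputs (placeholder account name and signature).
NOW = datetime(2023, 10, 1, tzinfo=timezone.utc)
BROAD = ("https://examplestorage.blob.core.windows.net/?sv=2020-08-04&ss=b"
         "&srt=sco&sp=rwdlac&se=2049-01-01T00:00:00Z&sig=REDACTED")
NARROW = ("https://examplestorage.blob.core.windows.net/models/weights.bin"
          "?sv=2020-08-04&sr=b&sp=r&se=2023-10-03T00:00:00Z&spr=https&sig=REDACTED")

if __name__ == "__main__":
    for name, url in (("broad", BROAD), ("narrow", NARROW)):
        print(name, audit_sas(url, NOW))
```

A token scoped to one blob, read-only, HTTPS-only and expiring within days produces no findings; a SAS URL found in a public repository warrants rotation of the signing key regardless of what the audit reports.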

Operator: Microsoft
Developer: Microsoft/GitHub
Country: USA
Sector: Technology
Technology: Computer vision
Issue: Security

Page info
Type: Incident
Published: November 2023