/ /

Microsoft’s 38 Terabyte Data Leak Sparks Security Wake-Up Call

Microsoft's 38 Terabyte Data Leak Sparks Security Wake-Up Call

In a significant security lapse, Microsoft inadvertently exposed a staggering 38 terabytes of confidential data stored in its AI GitHub repository. The breach, stemming from an overly permissive Shared Access Signature (SAS) token, has raised concerns about data security in the rapidly evolving field of artificial intelligence.

Data Leak Discovery

The incident came to light when Microsoft was in the process of publishing a bucket of open-source training data on its AI GitHub repository. Unfortunately, this seemingly routine action inadvertently led to the exposure of a massive amount of private data.

What Was Exposed

The breach compromised the security of a variety of sensitive information, including secrets, encryption keys, passwords, and over 30,000 internal Teams messages. Shockingly, this exposure also included a disk backup containing confidential data from the workstations of two former employees.

The Repository at the Heart of the Matter

The repository in question was named “robust-models-transfer” and was home to a collection of source code and machine learning models. These materials were associated with a 2020 research paper titled “Do Adversarially Robust ImageNet Models Transfer Better?”

The SAS Token Issue

The primary culprit behind this data leak was an overly permissive SAS token. SAS tokens, a feature of Microsoft’s Azure cloud platform, are intended to facilitate secure data sharing. However, in this case, the token’s configuration allowed unauthorized access not just to specific files but to the entire storage account. Furthermore, the token was mistakenly configured to grant “full control” permissions, enabling malicious actors to view, delete, and overwrite files.

Microsoft’s Response and Resolution

Upon discovering the breach, Microsoft acted swiftly. They revoked the problematic SAS token and blocked external access to the compromised storage account. Importantly, their investigation revealed no evidence of unauthorized exposure of customer data, and internal services remained unaffected. The issue was resolved within two days of being reported.

Strengthening Security Measures

To prevent similar incidents in the future, Microsoft has expanded its secret scanning service to identify SAS tokens with overly permissive settings. They have also addressed a bug in their scanning system that previously resulted in false positives. Experts emphasize the importance of robust security and governance when dealing with Account SAS tokens, underscoring the potential risks of token creation mistakes.

Previous Azure Storage Account Concerns

This is not the first time that misconfigured Azure storage accounts have come under scrutiny. In July 2022, JUMPSEC Labs highlighted potential threats associated with such accounts, illustrating how threat actors could exploit them to gain access to enterprise on-premise environments.

AI and Data Security

As the reliance on artificial intelligence and machine learning grows, the security of massive datasets becomes paramount. Data scientists and engineers working on AI projects must prioritize stringent security checks and safeguards. This incident serves as a stark reminder of the challenges posed by handling extensive datasets for research, collaboration, and open-source projects in the AI field.

News

Conclusion: 

This security breach underscores the critical importance of robust data security, particularly in the evolving landscape of AI and machine learning. Microsoft’s rapid response and efforts to enhance SAS token security demonstrate their commitment to rectifying the situation. As technology continues to advance, it is imperative to remain vigilant in safeguarding sensitive information to prevent future incidents like this one.

For More Information, About Author Visit Our Team

More on this

Пин Ап казино – Официальный сайт Pin Up Casino вход на зеркало

Reading Time: 1 minute
Пин Ап казино – Официальный сайт Pin Up Casino вход на зеркало ▶️ ИГРАТЬ Содержимое Пин Ап казино – Официальный сайт Вход на зеркало Как использовать зеркало Pin Up Casino Преимущества и функции Pin Up Casino Большой выбор игр Безопасность…

Vodka онлайн казино – обзор

Reading Time: 1 minute
Vodka онлайн казино – обзор ▶️ ИГРАТЬ Содержимое Вода онлайн казино: обзор Преимущества Воды онлайн казино Как начать играть в Вода онлайн казино Преимущества онлайн казино В последние годы интернет-казино стали все более популярными, и это неудивительно. Ведь они предлагают…

Олимп казино официальный сайт в Казахстане – Olimp Casino

Reading Time: 1 minute
Олимп казино официальный сайт в Казахстане – Olimp Casino ▶️ ИГРАТЬ Содержимое Преимущества игры в Olimp Casino Безопасность и надежность Как начать играть в Olimp Casino Если вы ищете надежный и безопасный способ играть в онлайн-казино, то Olimp Casino –…