/ /

Microsoft’s 38 Terabyte Data Leak Sparks Security Wake-Up Call

Microsoft's 38 Terabyte Data Leak Sparks Security Wake-Up Call

In a significant security lapse, Microsoft inadvertently exposed a staggering 38 terabytes of confidential data stored in its AI GitHub repository. The breach, stemming from an overly permissive Shared Access Signature (SAS) token, has raised concerns about data security in the rapidly evolving field of artificial intelligence.

Data Leak Discovery

The incident came to light when Microsoft was in the process of publishing a bucket of open-source training data on its AI GitHub repository. Unfortunately, this seemingly routine action inadvertently led to the exposure of a massive amount of private data.

What Was Exposed

The breach compromised the security of a variety of sensitive information, including secrets, encryption keys, passwords, and over 30,000 internal Teams messages. Shockingly, this exposure also included a disk backup containing confidential data from the workstations of two former employees.

The Repository at the Heart of the Matter

The repository in question was named “robust-models-transfer” and was home to a collection of source code and machine learning models. These materials were associated with a 2020 research paper titled “Do Adversarially Robust ImageNet Models Transfer Better?”

The SAS Token Issue

The primary culprit behind this data leak was an overly permissive SAS token. SAS tokens, a feature of Microsoft’s Azure cloud platform, are intended to facilitate secure data sharing. However, in this case, the token’s configuration allowed unauthorized access not just to specific files but to the entire storage account. Furthermore, the token was mistakenly configured to grant “full control” permissions, enabling malicious actors to view, delete, and overwrite files.

Microsoft’s Response and Resolution

Upon discovering the breach, Microsoft acted swiftly. They revoked the problematic SAS token and blocked external access to the compromised storage account. Importantly, their investigation revealed no evidence of unauthorized exposure of customer data, and internal services remained unaffected. The issue was resolved within two days of being reported.

Strengthening Security Measures

To prevent similar incidents in the future, Microsoft has expanded its secret scanning service to identify SAS tokens with overly permissive settings. They have also addressed a bug in their scanning system that previously resulted in false positives. Experts emphasize the importance of robust security and governance when dealing with Account SAS tokens, underscoring the potential risks of token creation mistakes.

Previous Azure Storage Account Concerns

This is not the first time that misconfigured Azure storage accounts have come under scrutiny. In July 2022, JUMPSEC Labs highlighted potential threats associated with such accounts, illustrating how threat actors could exploit them to gain access to enterprise on-premise environments.

AI and Data Security

As the reliance on artificial intelligence and machine learning grows, the security of massive datasets becomes paramount. Data scientists and engineers working on AI projects must prioritize stringent security checks and safeguards. This incident serves as a stark reminder of the challenges posed by handling extensive datasets for research, collaboration, and open-source projects in the AI field.

News

Conclusion: 

This security breach underscores the critical importance of robust data security, particularly in the evolving landscape of AI and machine learning. Microsoft’s rapid response and efforts to enhance SAS token security demonstrate their commitment to rectifying the situation. As technology continues to advance, it is imperative to remain vigilant in safeguarding sensitive information to prevent future incidents like this one.

Subscribe To Get 10000+ Prompts For 51 Categories

Subscribe and get daily new Update and Free Prompts

For More Information, About Author Visit Our Team

More on this

107 Best Expertly Crafted ChatGPT Prompts for Fundraising

Reading Time: 27 minutes
Looking to boost your fundraising efforts with tailored strategies? These 110 expert ChatGPT prompts for fundraising will help you craft powerful campaigns, engage donors, and optimize your fundraising initiatives for success. Whether you’re organizing events, building donor relationships, or leveraging…

99 Best Helpful ChatGPT Prompts for Instagram Captions

Reading Time: 13 minutes
Discover the art of crafting engaging Instagram captions that captivate and connect with your audience. From celebrating personal milestones to showcasing new products, our prompts will help you create content that stands out. Boost your social media presence and drive…

77 Best Helpful ChatGPT Prompts for Job Search

Reading Time: 15 minutes
Searching for a new job can be challenging, but with the right strategies, you can land your dream role faster. These ChatGPT prompts for Job Search are designed to help job seekers optimize their resumes, prepare for interviews, and navigate…

99 Best Helpful ChatGPT Prompts for Job Seekers

Reading Time: 21 minutes
Unlock the secrets to a successful job search with our ChatGPT prompts for job seekers. Whether you’re preparing for panel interviews, negotiating offers, or transitioning careers, these strategies are tailored to help you navigate the job market effectively. Start refining…