Microsoft's GitHub Leak Exposes 38TB of Private Data

Microsoft Incidents Causes Data Leak on GitHub

Reduce mobile data usage on your Android phone with these simple tips

Microsoft, the tech giant, recently encountered a major security breach resulting in the accidental exposure of 38TB of private employee data. The incident, caused by an "overly-permissive" URL link, provided unauthorized access to sensitive information. This leak contained a disk backup of two employee workstations, exposing secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages.

Digital Chief at BT Confidently Embraces Telco AI Opportunity

After being notified by Wiz, Microsoft confirmed the data breach but assured that no customer data or other internal services were compromised. The company quickly took action to prevent further access and resolved the issue.

The compromised URL had an "overly-permissive" Shared Access Signature token, granting full control permissions instead of read-only access. This misconfiguration allowed attackers not only to view files but also to delete and overwrite them.

This incident highlights the growing risks organizations face when leveraging the power of AI and handling massive amounts of training data. As more engineers and data scientists work with extensive datasets, additional security checks and safeguards become crucial.

Earlier this year, Microsoft faced backlash when suspected China-based hackers exploited vulnerabilities to access government officials' emails by impersonating Microsoft Azure AD users. These incidents emphasize the need for robust cybersecurity measures and continuous improvements in data protection.