Data Leakage Incident at Microsoft: Confidential Information Accidentally Exposed
Microsoft, one of the leading technology companies, recently experienced a data leakage incident where researchers accidentally revealed dozens of terabytes of confidential information. The incident occurred when an AI data storage system, meant for training purposes, was mistakenly placed on GitHub, a widely-used platform for hosting and sharing code repositories.
Cloud safety experts at Wiz, a startup specializing in cloud security, made a startling discovery after examining the leaked data. They found that the link to the data storage in Microsoft’s Azure cloud platform provided unrestricted access to all the stored contents, going beyond just the intended teaching data. As a result, a staggering 38 terabytes of sensitive data were exposed.
Among the exposed information were personal backups belonging to two Microsoft employees and approximately 30,000 messages from Microsoft Teams, the company’s collaborative communication platform. The incident highlights the potential risks associated with careless handling of data storage systems, especially when crucial security measures are overlooked.
Worryingly, the leaked URL granted “full rights” to unauthorized individuals, potentially allowing them to manipulate or remove the data. Recognizing the severity of the situation, Wiz promptly alerted Microsoft about the data leakage issue. Action was taken swiftly, and access to the exposed data was promptly closed within two days of being notified.
Data security and privacy are paramount in today’s digital age, particularly as organizations increasingly rely on artificial intelligence and cloud computing technologies. While accidental data breaches can occur, it is essential for companies to maintain stringent security protocols to prevent such incidents from happening. Microsoft will undoubtedly review its internal processes to prevent similar data leakages from happening in the future.
Sources: Wiz.io