When a team of researchers working on artificial intelligence uncovered a vast collection of data, the human factor once again caused a mistake that could have been very costly to Microsoft. A terabyte of confidential internal information was leaked.
The intentions were noble. Distribute and make available large collections of useful data in your digital warehouse; storage bucket Released in a GitHub repository with the goal of speeding the development of AI-based solutions. But its execution wasn’t perfect.
Access a 38 TB collection of sensitive Microsoft data
As the publication progresses tech crunchI discovered to start Specialized in security for cloud storage solutions, or cloud, Wiz. The source points out that his GitHub repository, which belongs to Microsoft’s specialized AI division, made a critical mistake that leaked sensitive information from the company itself.
As we worked on new image recognition algorithms and AI models, content made freely available by Microsoft through the same repository, something else was present. According to Wiz, someone… cloud.
All of 38 terabytes Information stored by Microsoft cloud The files in question contain more than the shared AI model and may be accessible to anyone involved. In other words, in addition to what was expected, they also had access to what was not expected.
File was accidentally published via GitHub
The improperly published files included several files backup Personal computers of at least two Microsoft employees. It also contained useful information from many other employees, ranging from passwords for Microsoft platforms and services to his more than 30,000 internal messages sent via Microsoft Teams.
That being said, all I needed was a URL (hyperlink) to access the huge collection dating back to 2020. This is all because someone accidentally clicked and selected the “Full Control” option instead of granting “View Only” permissions. Mr. Wiz points out.
An increased risk is that a malicious attacker could, for example, replace some of these files with malicious software. In fact, here you can get an access vector, a pass into Microsoft and its services.
Upon discovering and realizing the magnitude of the error, the organization Wiz immediately notified Microsoft on June 22nd. Microsoft has since revoked access to the collection in question, just two days later, on June 24th.
Meanwhile, the company plans to complete its security investigation by August 16th. For now, we must wait to see the real impact this accidental breach may have had on North American technology.
4gnews editors recommend the following:
Source: 4G News
I am James Novak, a passionate and experienced news writer with the ultimate goal of delivering the most accurate and timely information to my readers. I work in the news department at a website dedicated to providing reliable and up-to-date information about technology. My articles are widely circulated, often featured on major publications, and have been read by millions of people around the world.
