Microsoft’s AI department granted access to a GitHub repository that stored confidential information about the company’s collaborators.
Artificial intelligence (AI) researchers exposed tens of terabytes of sensitive data, such as private keys and passwords, when they published an open source data storage repository on GitHub.
According to an investigation by TechCrunch and cloud security firm Wiz, the cybersecurity firm discovered a GitHub repository belonging to Microsoft’s AI research division as part of its work into the accidental exposure of data hosted in the cloud.
Readers of the repository, which provided open source code and AI models for image recognition, were instructed to download the models from an Azure Storage URL.
Wiz discovered that this URL was set to grant permissions across the entire storage account, mistakenly exposing additional private data.
That data included 38 terabytes of confidential information such as personal backups of Microsoft employees, service passwords, secret keys and more than 30 thousand internal Microsoft Teams messages from hundreds of employees of the technology giant.
The URL, which had exposed data since 2020, was also misconfigured, allowing “full control” instead of “read-only” permissions.
“Anyone who knew where to look could remove, replace and inject malicious content,” Wiz said.
However, Wiz notes that the storage account was not directly exposed.
Instead, Microsoft AI developers included an overly permissive Shared Access Signature (SAS) token in the URL.
SAS is a mechanism that allows users to create shareable links to provide access to data in an Azure Storage account.
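A defensive check for the misconfiguration described above, as an added example that is not part of the original article: it parses the query string of a SAS URL and reports account-wide scope and any permission beyond read and list. The function name `audit_sas_url`, the account name and both sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Permission letters carried in the "sp" field of an Azure Storage SAS token.
SP_NAMES = {"r": "read", "l": "list", "a": "add", "c": "create",
            "w": "write", "d": "delete", "u": "update", "p": "process"}
READ_ONLY = {"r", "l"}


def audit_sas_url(url):
    """Return findings for a SAS URL; an empty list means read-only and not account-wide."""
    query = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in query:
        return ["no SAS token in URL"]

    findings = []
    # An account SAS carries "ss" (services) and "srt" (resource types);
    # a service SAS scoped to one container or blob carries "sr" instead.
    if "ss" in query or "srt" in query:
        findings.append("account-level SAS: services=%s resource_types=%s"
                        % (query.get("ss", "?"), query.get("srt", "?")))

    # Anything beyond read/list lets the link holder change or remove data.
    extra = set(query.get("sp", "")) - READ_ONLY
    if extra:
        names = sorted(SP_NAMES.get(c, c) for c in extra)
        findings.append("grants beyond read-only: " + ", ".join(names))
    return findings


# Constructed sample URLs (placeholder account, container and signature).
BROAD_URL = ("https://exampleaccount.blob.core.windows.net/models"
             "?sv=2020-08-04&ss=bfqt&srt=sco&sp=rwdlacup"
             "&se=2030-01-01T00:00:00Z&sig=CONSTRUCTED")
NARROW_URL = ("https://exampleaccount.blob.core.windows.net/models/model.bin"
              "?sv=2020-08-04&sr=b&sp=r"
              "&se=2030-01-01T00:00:00Z&sig=CONSTRUCTED")

if __name__ == "__main__":
    for sample in (BROAD_URL, NARROW_URL):
        print(sample.split("?")[0], "->", audit_sas_url(sample) or "ok")
```

Running a check like this over URLs found in READMEs and notebooks before publishing shows whether a download link carries more than the read access it needs.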
They assure that they have already fixed the problem
Wiz said it shared its findings with Microsoft on June 22, which revoked the SAS token two days later.
Microsoft said it completed its investigation into the potential organizational impact on Aug. 16.
The company’s Security Response Center told TechCrunch that “no customer data was exposed and no other internal services were put at risk due to this issue.”
In addition to expanding GitHub’s secret extension service, which monitors all public changes to open source code.