Microsoft Under Scrutiny After 38TB Data Leaked Via Azure Storage

Share via:

Cloud security provider Wiz has discovered an incident that occurred in July 2020, where a misconfigured link inadvertently exposed approximately 38TB of sensitive Microsoft data. After nearly three years of this data being accessible, the security firm uncovered this issue while scanning the internet for exposed storage accounts.

The breach originated from a software repository hosted on Microsoft-owned GitHub, which provides open-source code and AI models. It was determined that a Microsoft employee had unintentionally shared the URL to a misconfigured Azure Blob storage bucket, which contained this vast amount of leaked information.

We found a public AI repo on GitHub, exposing over 38TB of private files – including personal computer backups of @Microsoft employees

How did it happen?
A single misconfigured token in @Azure Storage is all it takes pic.twitter.com/ZWMRk3XK6X

— Hillai Ben-Sasson (@hillai) September 18, 2023

Wiz’s report highlighted a concern related to the security of Shared Access Signature (SAS) tokens, emphasizing the need to limit their usage due to their inherent security risks. The report noted that these tokens are challenging to track, as Microsoft lacks a centralized method within the Azure portal for their management.

The exposed data included backups of personal information belonging to Microsoft employees, including passwords for various Microsoft services, secret keys, and an archive containing over 30,000 internal messages from 359 Microsoft employees, exchanged on the Microsoft Teams platform.

In response to the incident, the Microsoft Security Response Center (MSRC) issued an advisory on Monday, reassuring that no customer data had been exposed, and no other internal services were compromised as a result of this breach.

The exposure of this data was attributed to the use of an excessively permissive Shared Access Signature (SAS) token, which granted full control over the shared files. Wiz researchers described this Azure feature as posing challenges in terms of monitoring and revoking access, highlighting the need for enhanced security measures in this regard.

The post Microsoft Under Scrutiny After 38TB Data Leaked Via Azure Storage appeared first on Analytics India Magazine.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

admin
admin
Hi! This is Admin.

Popular

More Like this

Microsoft Under Scrutiny After 38TB Data Leaked Via Azure Storage

Cloud security provider Wiz has discovered an incident that occurred in July 2020, where a misconfigured link inadvertently exposed approximately 38TB of sensitive Microsoft data. After nearly three years of this data being accessible, the security firm uncovered this issue while scanning the internet for exposed storage accounts.

The breach originated from a software repository hosted on Microsoft-owned GitHub, which provides open-source code and AI models. It was determined that a Microsoft employee had unintentionally shared the URL to a misconfigured Azure Blob storage bucket, which contained this vast amount of leaked information.

We found a public AI repo on GitHub, exposing over 38TB of private files – including personal computer backups of @Microsoft employees

How did it happen?
A single misconfigured token in @Azure Storage is all it takes pic.twitter.com/ZWMRk3XK6X

— Hillai Ben-Sasson (@hillai) September 18, 2023

Wiz’s report highlighted a concern related to the security of Shared Access Signature (SAS) tokens, emphasizing the need to limit their usage due to their inherent security risks. The report noted that these tokens are challenging to track, as Microsoft lacks a centralized method within the Azure portal for their management.

The exposed data included backups of personal information belonging to Microsoft employees, including passwords for various Microsoft services, secret keys, and an archive containing over 30,000 internal messages from 359 Microsoft employees, exchanged on the Microsoft Teams platform.

In response to the incident, the Microsoft Security Response Center (MSRC) issued an advisory on Monday, reassuring that no customer data had been exposed, and no other internal services were compromised as a result of this breach.

The exposure of this data was attributed to the use of an excessively permissive Shared Access Signature (SAS) token, which granted full control over the shared files. Wiz researchers described this Azure feature as posing challenges in terms of monitoring and revoking access, highlighting the need for enhanced security measures in this regard.

The post Microsoft Under Scrutiny After 38TB Data Leaked Via Azure Storage appeared first on Analytics India Magazine.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

admin
admin
Hi! This is Admin.

More like this

https://pnndigital.com/business-news/samsung-to-consolidate-leadership-in-mid-premium-segment-with-launch-of-galaxy-a55-5g-galaxy-a35-in-india/

https://pnndigital.com/business-news/samsung-to-consolidate-leadership-in-mid-premium-segment-with-launch-of-galaxy-a55-5g-galaxy-a35-in-india/ Source link

Black founders are creating tailored ChatGPTs for a more...

At first, John Pasmore was excited about ChatGPT.  Source...

Evaluating Opportunities Within A Subscription Economy

SUMMARY Companies in a subscription economy rely on recurring...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!