AI NewsTech

Microsoft Exposes 38TB of Sensitive Data Due to AI Model Development Error

Mukund Kapoor
By Mukund Kapoor - Author 3 Min Read
3 Min Read
Microsoft Exposes 38TB of Sensitive Data

Microsoft leaks a massive 38 terabytes of sensitive internal information amid concerns over the security of AI technology.

In Short
  • Microsoft exposes 38TB of internal data due to a mistake in using SAS tokens on Azure.
  • The leak lasted almost three years and included sensitive data like employee backups and secret codes.
  • Wiz brought this issue to light, and Microsoft acted quickly to secure the data and enhance its security measures.
Contents
The Details of the Data LeakThe Core Issue: Misuse of SAS TokensHow Microsoft is Addressing the ProblemThe Bigger Picture: AI Security Needs Strengthening

September 19, 2023: Microsoft recently faced a significant data exposure, spotlighting increasing concerns about the safety of artificial intelligence (AI) tech.

Cloud security firm Wiz revealed that Microsoft accidentally leaked a large amount of internal data totaling 38 terabytes (TB). The leak lasted from July 20, 2020, to June 24, 2023.

The Details of the Data Leak

Wiz discovered that Microsoft made a big mistake on their cloud platform, Azure. This error was because of using a tool on Azure incorrectly. The data was on a public GitHub space where Microsoft’s AI team was doing their work.

Exposed 'robustnessws4285631339' storage account containers
Exposed ‘robustnessws4285631339’ storage account containers

This public space, named “robust-models-transfer,” had codes and AI designs that anyone could see. But, it also showed things it should not have shown, like backups of employee computers, secret codes, passwords, and many chats from the Microsoft Teams app.

The Core Issue: Misuse of SAS Tokens

Microsoft used Shared Access Signature (SAS) tokens for data sharing on Azure. These tokens were not used correctly, making the data public by accident. One SAS token was active from July 2020 to October 2021.

risk in sharing sas tokens
Credits / Wiz.io

Another one was set to be active until 2051. SAS tokens can be risky because they can stay working for a long time, and it’s hard to control them.

How Microsoft is Addressing the Problem

Once Wiz told Microsoft about this, Microsoft acted quickly. They made the unsafe token safe and stopped people from outside from getting into the data.

Microsoft said no one took customer data without asking, so customers don’t need to do anything more.

They also made their system better at finding risky SAS tokens quickly.

The Bigger Picture: AI Security Needs Strengthening

This event shows that we must be more careful with AI tech. AI tech is growing fast, and keeping it safe is hard. Ami Luttwak, the CTO at Wiz, said that all companies need to be very careful.

They should take decisive steps to keep things like this from happening again. Data is critical, and we must keep it safe, especially when making new things in AI tech.

Microsoft said they learned from what Wiz found and have made GitHub better at spotting unsafe SAS tokens.

The company confirmed that they are taking steps to ensure such errors don’t happen again, emphasizing the importance of data security in the era of rapid AI advancements.

TAGGED:
SOURCES:Wiz.io

Disclaimer

Based on our quality standards, we deliver this website’s content transparently. Our goal is to give readers accurate and complete information. Check our News section for latest news. To stay in the loop with our latest posts follow us on Facebook, Twitter and Instagram. 

Subscribe to our Daily Newsletter to join our growing community and if you wish to share feedback or have any inquiries, please feel free to Contact Us. If you want to know more about us, check out our Disclaimer, and Editorial Policy.

By Mukund Kapoor Author
Follow:
Mukund Kapoor, the enthusiastic author and creator of GreatAIPrompts, is driven by his passion for all things AI. With a special knack for simplifying complex AI concepts, he's committed to helping readers of all levels - be it beginners or experts - navigate the intriguing world of artificial intelligence. Through GreatAIPrompts, Mukund ensures that readers always have access to the most recent and relevant AI news, tools, and insights. His dedication to quality, accuracy, and clarity is what sets his blog apart, making it a reliable go-to source for anyone interested in unlocking the potential of AI. For more information visit Author Bio.
Previous Article QPNotes QPNotes: New AI Prompt Management Platform Improves Human-AI Collaboration
Next Article nvidia and infosys partner to train 50k employees in ai NVIDIA and Infosys Partner to Train 50K Employees in AI
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *