Security News > 2023 > September > Microsoft worker accidentally exposes 38TB of sensitive data in GitHub blunder

Microsoft worker accidentally exposes 38TB of sensitive data in GitHub blunder
2023-09-18 18:03

A Microsoft employee accidentally exposed 38 terabytes of private data while publishing a bucket of open-source AI training data on GitHub, according to Wiz security researchers who spotted the leaky account and reported it to the Windows giant.

This is despite Wiz claiming the leaky data bucket had private keys, passwords, and over 30,000 internal Microsoft Teams messages, as well as backup data from two employees' workstations.

"No customer data was exposed, and no other internal services were put at risk because of this issue," the Microsoft Security Response Center team said.

"Our scan shows that this account contained 38TB of additional data - including Microsoft employees' personal computer backups," Ben-Sasson and Greenberg said.

"The backups contained sensitive personal data, including passwords to Microsoft services, secret keys, and over 30,000 internal Microsoft Teams messages from 359 Microsoft employees."

In July, Chinese spies stole a secret Microsoft key and used to break into US government email accounts.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/09/18/more_microsoft_token_trouble/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 703 780 4543 4591 3624 13538
Github 12 3 42 30 15 90