Microsoft worker accidentally exposes 38TB of sensitive data in GitHub blunder

2023-09-18 18:03

A Microsoft employee accidentally exposed 38 terabytes of private data while publishing a bucket of open-source AI training data on GitHub, according to Wiz security researchers who spotted the leaky account and reported it to the Windows giant.

This is despite Wiz claiming the leaky data bucket had private keys, passwords, and over 30,000 internal Microsoft Teams messages, as well as backup data from two employees' workstations.

"No customer data was exposed, and no other internal services were put at risk because of this issue," the Microsoft Security Response Center team said.

"Our scan shows that this account contained 38TB of additional data - including Microsoft employees' personal computer backups," Ben-Sasson and Greenberg said.

"The backups contained sensitive personal data, including passwords to Microsoft services, secret keys, and over 30,000 internal Microsoft Teams messages from 359 Microsoft employees."

In July, Chinese spies stole a secret Microsoft key and used to break into US government email accounts.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/09/18/more_microsoft_token_trouble/

#microsoft #github

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft		674	804	4455	4133	3701	13093
Github		10	2	30	29	14	75

News URL

Related news

Related vendor