38 TB of Microsoft data leaked. One mistake was enough

Cybersecurity experts from Wizz reported a huge leak of secret Microsoft data. A titanic database of information was leaked online and anyone could view confidential data.

Microsoft data leak – 38 TB may circulate on the network

It all started with a rather noble goal. The Microsoft team working on AI solutions wanted to make data for training artificial intelligence models available to other researchers in an open source form. These were algorithms and code for image recognition techniques.

Unfortunately, many of the files also included links to… backup copies of employees’ computers. The 38-terabyte thicket of secret data included, among others: passwords for Microsoft services, confidential security keys, over 30,000 internal messages from MS Teams chats and other data of hundreds of employees of an American corporation.

After noticing the error, Microsoft quickly fixed the mistake. In its own summary of the incident, the company assures that “no customer data was leaked and internal services were not exposed.”

Human error is a treat for hackers

According to Wizz specialists, “data sharing is extremely easy, but it makes security a hard nut to crack.” Microsoft researchers did the right thing, with one mistake.

The data was shared in the Microsoft Azure cloud, and the so-called SAS token was used to share it. It allows users to create links that give others access to information. The data owner can specify whether one file, specific servers or the entire contents of the storage should be visible.

The link to the data for AI researchers was correctly created by Microsoft employees. They simply defined the scope of information they wanted to make public too broadly.