incident • high • Data Exposure • Misconfiguration

Sep 18, 2023 • Wiz Security Research

38TB of data accidentally exposed by Microsoft AI researchers


Source: Wiz Security Research
Category: incident
Severity: high

Executive Summary

Wiz Research discovered a significant data exposure incident involving Microsoft's AI GitHub repository. Approximately 38TB of data was accidentally exposed, including over 30,000 internal Microsoft Teams messages. The root cause was identified as a single misconfigured Shared Access Signature (SAS) token. This incident highlights critical risks associated with cloud storage misconfigurations and identity management within large technology organizations. While no malicious threat actor was confirmed to have accessed the data, the severity remains high due to the volume of sensitive internal communications and proprietary AI research data potentially compromised. Organizations should immediately audit their cloud storage permissions, rotate SAS tokens regularly, and implement strict access controls to prevent similar accidental exposures. This event underscores the necessity of robust cloud security posture management (CSPM) to mitigate risks stemming from human error and configuration oversights in complex AI development environments.
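The audit recommended above can begin with the SAS URL itself, since scope, permissions, expiry and protocol are all visible in its query string. The following is an added example, not code from Wiz or Microsoft, and it checks general SAS properties rather than the specific misconfiguration, which this page does not describe; the account name, paths, signature and the 7-day lifetime limit are assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

MAX_LIFETIME = timedelta(days=7)  # assumed policy limit, tune per organisation
READ_ONLY = set("rl")             # sp letters for read and list

def _parse_time(value):
    """Parse a SAS timestamp (ISO 8601, UTC) into an aware datetime."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def audit_sas_url(url, now):
    """Return findings for one SAS URL; an empty list means nothing flagged."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q:
        return ["not a SAS URL (no sig parameter)"]
    findings = []
    if "srt" in q or "ss" in q:  # these fields only appear in an account SAS
        findings.append("account-level SAS, not scoped to one container or blob")
    extra = set(q.get("sp", "")) - READ_ONLY
    if extra:
        findings.append("grants more than read/list: " + "".join(sorted(extra)))
    if "se" in q:
        remaining = _parse_time(q["se"]) - now
        if remaining > MAX_LIFETIME:
            findings.append(f"expires in {remaining.days} days, limit is {MAX_LIFETIME.days}")
    elif "si" not in q:  # expiry may live in a stored access policy instead
        findings.append("no expiry (se) and no stored access policy (si)")
    if "http" in q.get("spr", "https,http").split(","):
        findings.append("plain HTTP allowed (spr is not https only)")
    return findings

# Constructed sample inputs: placeholder account, paths and signature.
NOW = datetime(2023, 9, 18, 12, 0, tzinfo=timezone.utc)
BROAD = ("https://exampleaccount.blob.core.windows.net/?sv=2021-08-06&ss=b&srt=sco"
         "&sp=rwdlacup&se=2050-01-01T00:00:00Z&sig=PLACEHOLDER")
NARROW = ("https://exampleaccount.blob.core.windows.net/models/weights.bin?sv=2021-08-06"
          "&sr=b&sp=r&st=2023-09-18T00:00:00Z&se=2023-09-19T00:00:00Z&spr=https&sig=PLACEHOLDER")

if __name__ == "__main__":
    for label, url in (("broad", BROAD), ("narrow", NARROW)):
        print(label, audit_sas_url(url, NOW) or "no findings")
```

Run over URLs found in repositories, documentation or CI configuration, any finding marks a token to revoke and reissue with a narrower scope.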

Summary

Wiz Research found a data exposure incident on Microsoft’s AI GitHub repository, including over 30,000 internal Microsoft Teams messages – all caused by one misconfigured SAS token.
