Microsoft under Scrutiny after 38TB Data Leaked via Azure Storage

In July 2020, a misconfigured link led to a leak of 38TB of sensitive Microsoft data
Listen to this story

Cloud security provider Wiz has discovered an incident that occurred in July 2020, where a misconfigured link inadvertently exposed approximately 38TB of sensitive Microsoft data. After nearly three years of this data being accessible, the security firm uncovered this issue while scanning the internet for exposed storage accounts.

The breach originated from a software repository hosted on Microsoft-owned GitHub, which provides open-source code and AI models. It was determined that a Microsoft employee had unintentionally shared the URL to a misconfigured Azure Blob storage bucket, which contained this vast amount of leaked information.

Wiz’s report highlighted a concern related to the security of Shared Access Signature (SAS) tokens, emphasizing the need to limit their usage due to their inherent security risks. The report noted that these tokens are challenging to track, as Microsoft lacks a centralized method within the Azure portal for their management.

The exposed data included backups of personal information belonging to Microsoft employees, including passwords for various Microsoft services, secret keys, and an archive containing over 30,000 internal messages from 359 Microsoft employees, exchanged on the Microsoft Teams platform.

In response to the incident, the Microsoft Security Response Center (MSRC) issued an advisory on Monday, reassuring that no customer data had been exposed, and no other internal services were compromised as a result of this breach.

The exposure of this data was attributed to the use of an excessively permissive Shared Access Signature (SAS) token, which granted full control over the shared files. Wiz researchers described this Azure feature as posing challenges in terms of monitoring and revoking access, highlighting the need for enhanced security measures in this regard.

Download our Mobile App

Tasmia Ansari
Tasmia is a tech journalist at AIM, looking to bring a fresh perspective to emerging technologies and trends in data science, analytics, and artificial intelligence.

Subscribe to our newsletter

Join our editors every weekday evening as they steer you through the most significant news of the day.
Your newsletter subscriptions are subject to AIM Privacy Policy and Terms and Conditions.

Our Recent Stories

Our Upcoming Events

3 Ways to Join our Community

Telegram group

Discover special offers, top stories, upcoming events, and more.

Discord Server

Stay Connected with a larger ecosystem of data science and ML Professionals

Subscribe to our Daily newsletter

Get our daily awesome stories & videos in your inbox

6 IDEs Built for Rust

Rust IDEs aid efficient code development by offering features like code completion, syntax highlighting, linting, debugging tools, and code refactoring