时间:2024-09-20 08:47:28 来源:网络整理编辑:百科
AI researchers at Microsoft have made a huge mistake.According to a new reportfrom cloud security co
AI researchers at Microsoft have made a huge mistake.
According to a new reportfrom cloud security company Wiz, the Microsoft AI research team accidentally leaked 38TB of the company's private data.
38 terabytes. That's a lotof data.
The exposed data included full backups of two employees' computers. These backups contained sensitive personal data, including passwords to Microsoft services, secret keys, and more than 30,000 internal Microsoft Teams messages from more than 350 Microsoft employees.
Tweet may have been deleted
So, how did this happen? The report explains that Microsoft's AI team uploaded a bucket of training data containing open-source code and AI models for image recognition. Users who came across the Github repository were provided with a link from Azure, Microsoft's cloud storage service, in order to download the models.
One problem: The link that was provided by Microsoft's AI team gave visitors complete access to the entire Azure storage account. And not only could visitors view everything in the account, they could upload, overwrite, or delete files as well.
Wiz says that this occurred as a result of an Azure feature called Shared Access Signature (SAS) tokens, which is "a signed URL that grants access to Azure Storage data." The SAS token could have been set up with limitations to what file or files could be accessed. However, this particular link was configured with full access.
Adding to the potential issues, according to Wiz, is that it appears that this data has been exposed since 2020.
Wiz contacted Microsoft earlier this year, on June 22, to warn them about their discovery. Two days later, Microsoft invalidated the SAS token, closing up the issue. Microsoft carried out and completed an investigation into the potential impacts in August.
Microsoft provided TechCrunch with a statement, claiming “no customer data was exposed, and no other internal services were put at risk because of this issue.”
TopicsCybersecurityMicrosoft
Snapchat is about to explode in popularity, report says2024-09-20 08:44
Why Tesla’s Model 3 will be the most important electric car of our time2024-09-20 08:39
Ads that portray the stereotype of men being bad at housework will be banned2024-09-20 08:29
Stay in a free owl2024-09-20 08:09
J.K. Rowling makes 'Harry Potter' joke about Olympics event2024-09-20 07:57
'Walking Dead' trailer seems to confirm major fan theory about Rick2024-09-20 07:51
This week in apps: Book spa treatments with Google, take retro photos, and more2024-09-20 07:47
Michelle Pfeiffer will play Janet van Dyne in 'Ant2024-09-20 07:00
One of the most controversial power struggles in media comes to a close2024-09-20 06:39
Trump is, um, thinking about pardons already2024-09-20 06:07
Here's George Takei chilling in zero gravity for the 'Star Trek' anniversary2024-09-20 08:39
Michelle Pfeiffer will play Janet van Dyne in 'Ant2024-09-20 08:37
Twitter is making it way easier to ignore hateful trolls2024-09-20 07:38
Not horror? 'A Ghost Story' is the most terrifying vision of the afterlife ever onscreen2024-09-20 07:29
This weird squid looks like it has googly eyes, guys2024-09-20 07:12
EPA chief wants his climate change 'debate' televised2024-09-20 07:12
New findings reveal humans have been in Australia earlier than we thought2024-09-20 07:00
China censors 'RIP' and the candle emoji as people mourn Nobel Peace Prize winner2024-09-20 07:00
Dressage horse dancing to 'Smooth' by Santana wins gold for chillest horse2024-09-20 06:20
Slug lands on woman's face on night out and all hell breaks loose2024-09-20 06:19