时间:2025-04-03 01:23:57 来源:网络整理编辑:焦點
AI researchers at Microsoft have made a huge mistake.According to a new reportfrom cloud security co
AI researchers at Microsoft have made a huge mistake.
According to a new reportfrom cloud security company Wiz, the Microsoft AI research team accidentally leaked 38TB of the company's private data.
38 terabytes. That's a lotof data.
The exposed data included full backups of two employees' computers. These backups contained sensitive personal data, including passwords to Microsoft services, secret keys, and more than 30,000 internal Microsoft Teams messages from more than 350 Microsoft employees.
Tweet may have been deleted
So, how did this happen? The report explains that Microsoft's AI team uploaded a bucket of training data containing open-source code and AI models for image recognition. Users who came across the Github repository were provided with a link from Azure, Microsoft's cloud storage service, in order to download the models.
One problem: The link that was provided by Microsoft's AI team gave visitors complete access to the entire Azure storage account. And not only could visitors view everything in the account, they could upload, overwrite, or delete files as well.
Wiz says that this occurred as a result of an Azure feature called Shared Access Signature (SAS) tokens, which is "a signed URL that grants access to Azure Storage data." The SAS token could have been set up with limitations to what file or files could be accessed. However, this particular link was configured with full access.
Adding to the potential issues, according to Wiz, is that it appears that this data has been exposed since 2020.
Wiz contacted Microsoft earlier this year, on June 22, to warn them about their discovery. Two days later, Microsoft invalidated the SAS token, closing up the issue. Microsoft carried out and completed an investigation into the potential impacts in August.
Microsoft provided TechCrunch with a statement, claiming “no customer data was exposed, and no other internal services were put at risk because of this issue.”
TopicsCybersecurityMicrosoft
This company is hiring someone just to drink all day2025-04-03 01:08
Here are the 13 best tweets of the week2025-04-03 01:02
Americans don't trust social media companies to handle misinformation2025-04-03 01:01
Netflix's 'Down to Earth' is great if you love Zac Efron: Review2025-04-03 00:30
Singapore gets world's first driverless taxis2025-04-02 23:42
The critical science moments of 2020 (so far)2025-04-02 23:20
Greta Thunberg launches open letter demanding world leaders take immediate action on climate crisis2025-04-02 23:11
How this law is protecting child influencers in Illinois2025-04-02 23:06
Florida hurricane forecast remains uncertain, but trends in state's favor2025-04-02 23:06
Hulu vs. Plex: Which group streaming service is right for you?2025-04-02 23:02
Metallica to seek and destroy your eardrums with new album this fall2025-04-03 01:21
$51 million in bushfire donations reveals Facebook fundraiser problem2025-04-03 01:15
NY governor Andrew Cuomo's bizarre COVID2025-04-03 00:44
How single people have been dealing with the 'sex ban' in England2025-04-03 00:39
Xiaomi accused of copying again, this time by Jawbone2025-04-03 00:29
Prime Day deals: 11 things you should buy, and 3 to avoid2025-04-03 00:29
Apple Watch Series 5 vs Fitbit Versa 2: Which smartwatch is worth it?2025-04-03 00:22
The best weird social distancing tech of 2020 so far2025-04-02 23:18
Mall builds real2025-04-02 22:54
The 10 best TV episodes of 2020 (so far)2025-04-02 22:49