Microsoft’s AI Suffers Data Breach

38TB of private data from Microsoft's AI research division was exposed for the whole world to see, including disk backups of two employees’ workstations, confidential Microsoft secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages!

The vulnerability was discovered by white hat hackers from the cloud security company Wiz. Investigations found a shareable link based on Azure Shared Access Signature (SAS) tokens in June this year that allowed the vulnerability to occur.


The Wiz team was scanning the web for misconfigured storage containers, and during this process it found a GitHub repository under the Microsoft organisation named robust-models-transfer.

In the GitHub repository, a Microsoft worker shared a URL for a ‘Blob store’, which is a type of object storage found in Microsoft’s Azure. Readers of the repository were instructed to download the models from an Azure Storage URL. However, the SAS token that was used for the internal storage account was misconfigured, creating a backdoor into the cloud-hosted server data. The misconfiguration of the SAS token also granted "full control" access instead of read-only access. This enabled an attacker not only to access all files in the storage account but also to delete and overwrite them.

The exposed storage URL, taken from Microsoft’s GitHub repository provided by wiz.io
 

Once Wiz gained access to the repository, they found it contained 38TB of AI datasets, open-source AI learning models, private data, secrets, private keys, and passwords of Microsoft employees. The GitHub repository also contained disk backups of two former employees’ workstation profiles and over 30,000 internal Microsoft Teams messages from 359 Microsoft employees!

Exposed containers under the 'robustnessws4285631339' storage account provided by wiz.io
 
A small sample of sensitive files found on the computer backups provided by wiz.io
 
Redacted Teams conversation between two Microsoft employees provided by wiz.io
 

What makes this even more intriguing is that the repository's main intention was to supply AI models for coding instructions for Microsoft employees, but the misconfiguration put at risk all AI data collected and created. However, the storage account in question was not publicly accessible. The developers at Microsoft used a feature of Azure known as ‘SAS tokens’, which enables the creation of a URL that can be shared with others to give access to an Azure Storage account's data.
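
As an added illustration (not code from Wiz or Microsoft), the following Python check reads the permission, scope and expiry fields of a SAS URL and flags tokens that, like the one described above, grant more than read-only access. The sample URLs are constructed, the 7-day lifetime limit is an assumed policy value, and the expiry check goes beyond what this article describes.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Letters in the SAS "sp" (signed permissions) field that allow changing data.
MUTATING = {"w": "write", "d": "delete", "a": "add", "c": "create"}
MAX_LIFETIME = timedelta(days=7)  # assumed policy threshold, not an Azure default

# Constructed sample URLs; account name and signature are placeholders.
FULL_CONTROL_URL = ("https://exampleacct.blob.core.windows.net/models"
                    "?sv=2020-08-04&ss=b&srt=sco&sp=rwdlac"
                    "&se=2030-01-01T00:00:00Z&sig=CONSTRUCTED")
READ_ONLY_URL = ("https://exampleacct.blob.core.windows.net/models/model.pt"
                 "?sv=2020-08-04&sr=b&sp=r&se=2024-01-03T00:00:00Z&sig=CONSTRUCTED")

def audit_sas_url(url, now=None):
    """Return findings for one SAS URL; [] means read-only, scoped, short-lived."""
    now = now or datetime.now(timezone.utc)
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q:
        return ["not a SAS URL (no sig parameter)"]
    findings = []
    granted = [name for flag, name in MUTATING.items() if flag in q.get("sp", "")]
    if granted:
        findings.append("grants " + "/".join(granted) + ", not read-only")
    # An account SAS carries ss/srt and spans the storage account; a service
    # SAS carries sr (b = a single blob, c = a whole container).
    if "ss" in q or "srt" in q:
        findings.append("account-level SAS: not limited to one blob or container")
    elif q.get("sr") == "c":
        findings.append("container-level SAS: covers every blob in the container")
    expiry = q.get("se")
    if expiry is None:
        findings.append("no expiry (se) in URL: check the stored access policy")
    else:
        end = datetime.fromisoformat(expiry.replace("Z", "+00:00"))
        if end.tzinfo is None:  # date-only expiry values parse as naive
            end = end.replace(tzinfo=timezone.utc)
        if end - now > MAX_LIFETIME:
            findings.append(f"expires {end.date()}, over {MAX_LIFETIME.days} days away")
    return findings

if __name__ == "__main__":
    for sample in (FULL_CONTROL_URL, READ_ONLY_URL):
        print(sample.split("?")[0], audit_sas_url(sample) or "OK")
```

Running a check like this over URLs found in repositories, documentation and notebooks before they are published catches an over-permissive link while it is still private.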

This cyber incident showcases the dangers that organisations will encounter in the online world. With data specialists and engineers rushing to develop fresh AI solutions or new technological achievements, heightened security and precautionary measures will always be essential and a priority in this digital age. Luckily, in this case, this extremely dangerous exploit was discovered by white hat hackers.

 
 


This is part of our Cyber Security awareness educational campaign. Through this training, you will learn awareness, key principles, and best practices to protect yourself, your organisation, and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and take action before any damage can occur.
