search
HomeTechnology peripheralsAIMicrosoft AI researchers accidentally leaked 38TB of internal data, including private keys and password information

There is no need to change the original meaning, the content that needs to be rewritten is: Source: IT Home

Wiz Research announced today that a data leak was discovered in Microsoft AI's GitHub repository, which was caused by a misconfigured SAS (IT Home Note: Shared Access Signature) token

微软 AI 研究人员无意中泄露 38TB 内部数据,包括私钥和密码信息

In terms of details, Microsoft's artificial intelligence research team released open source training data on GitHub, but accidentally exposed 38TB of other internal data, including disk backups of the personal computers of several Microsoft employees. These backups contained confidential information, private keys, passwords, and thousands of internal Microsoft team messages, involving more than 30,000 employees

微软 AI 研究人员无意中泄露 38TB 内部数据,包括私钥和密码信息

微软 AI 研究人员无意中泄露 38TB 内部数据,包括私钥和密码信息

This GitHub repository provides open source code and AI models for image recognition, visitors need to download the model from the Azure storage URL. However, Wiz discovered that the URL's permissions were misconfigured, causing permissions to be granted to the entire storage account, thereby incorrectly exposing other private data

According to reports, the URLs involved are said to have exposed the data since 2020. Furthermore, the URL was incorrectly configured to allow "Full Control" instead of "Read-Only" permissions. This means that anyone who knows how to view this URL could potentially remove, replace, and inject malicious content

Wiz said it reported the issue to Microsoft on June 22, and two days later on June 24, Microsoft announced it was revoking the SAS tokens. Microsoft said it completed its investigation into potential organizational impact on August 16.

The following is the specific timeline of the entire incident:

On July 20, 2020, the SAS token was submitted to GitHub for the first time; the expiration date is October 5, 2021

October 6, 2021 - SAS token expiration date updated to October 6, 2051

June 22, 2023 - The Wiz research team discovered the issue and reported it to Microsoft

June 24, 2023 - Microsoft Announces SAS Token Expiration

On July 7, 2023, the SAS token was replaced on GitHub

August 16, 2023 - Microsoft completes internal investigation into potential impact

September 18, 2023 - Wiz Research publicly discloses this

The above is the detailed content of Microsoft AI researchers accidentally leaked 38TB of internal data, including private keys and password information. For more information, please follow other related articles on the PHP Chinese website!

Statement
This article is reproduced at:搜狐. If there is any infringement, please contact admin@php.cn delete
Tesla's Robovan Was The Hidden Gem In 2024's Robotaxi TeaserTesla's Robovan Was The Hidden Gem In 2024's Robotaxi TeaserApr 22, 2025 am 11:48 AM

Since 2008, I've championed the shared-ride van—initially dubbed the "robotjitney," later the "vansit"—as the future of urban transportation. I foresee these vehicles as the 21st century's next-generation transit solution, surpas

Sam's Club Bets On AI To Eliminate Receipt Checks And Enhance RetailSam's Club Bets On AI To Eliminate Receipt Checks And Enhance RetailApr 22, 2025 am 11:29 AM

Revolutionizing the Checkout Experience Sam's Club's innovative "Just Go" system builds on its existing AI-powered "Scan & Go" technology, allowing members to scan purchases via the Sam's Club app during their shopping trip.

Nvidia's AI Omniverse Expands At GTC 2025Nvidia's AI Omniverse Expands At GTC 2025Apr 22, 2025 am 11:28 AM

Nvidia's Enhanced Predictability and New Product Lineup at GTC 2025 Nvidia, a key player in AI infrastructure, is focusing on increased predictability for its clients. This involves consistent product delivery, meeting performance expectations, and

Exploring the Capabilities of Google's Gemma 2 ModelsExploring the Capabilities of Google's Gemma 2 ModelsApr 22, 2025 am 11:26 AM

Google's Gemma 2: A Powerful, Efficient Language Model Google's Gemma family of language models, celebrated for efficiency and performance, has expanded with the arrival of Gemma 2. This latest release comprises two models: a 27-billion parameter ver

The Next Wave of GenAI: Perspectives with Dr. Kirk Borne - Analytics VidhyaThe Next Wave of GenAI: Perspectives with Dr. Kirk Borne - Analytics VidhyaApr 22, 2025 am 11:21 AM

This Leading with Data episode features Dr. Kirk Borne, a leading data scientist, astrophysicist, and TEDx speaker. A renowned expert in big data, AI, and machine learning, Dr. Borne offers invaluable insights into the current state and future traje

AI For Runners And Athletes: We're Making Excellent ProgressAI For Runners And Athletes: We're Making Excellent ProgressApr 22, 2025 am 11:12 AM

There were some very insightful perspectives in this speech—background information about engineering that showed us why artificial intelligence is so good at supporting people’s physical exercise. I will outline a core idea from each contributor’s perspective to demonstrate three design aspects that are an important part of our exploration of the application of artificial intelligence in sports. Edge devices and raw personal data This idea about artificial intelligence actually contains two components—one related to where we place large language models and the other is related to the differences between our human language and the language that our vital signs “express” when measured in real time. Alexander Amini knows a lot about running and tennis, but he still

Jamie Engstrom On Technology, Talent And Transformation At CaterpillarJamie Engstrom On Technology, Talent And Transformation At CaterpillarApr 22, 2025 am 11:10 AM

Caterpillar's Chief Information Officer and Senior Vice President of IT, Jamie Engstrom, leads a global team of over 2,200 IT professionals across 28 countries. With 26 years at Caterpillar, including four and a half years in her current role, Engst

New Google Photos Update Makes Any Photo Pop With Ultra HDR QualityNew Google Photos Update Makes Any Photo Pop With Ultra HDR QualityApr 22, 2025 am 11:09 AM

Google Photos' New Ultra HDR Tool: A Quick Guide Enhance your photos with Google Photos' new Ultra HDR tool, transforming standard images into vibrant, high-dynamic-range masterpieces. Ideal for social media, this tool boosts the impact of any photo,

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

PhpStorm Mac version

PhpStorm Mac version

The latest (2018.2.1) professional PHP integrated development tool

SecLists

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SAP NetWeaver Server Adapter for Eclipse

SAP NetWeaver Server Adapter for Eclipse

Integrate Eclipse with SAP NetWeaver application server.