Status: 22.09.2023, 05:55 a.m.
By: Vivian Werg
Security researchers discover a data leak at Microsoft while scanning for misconfigured storage containers. © Thomas Trutschel/ Imago
The possibilities of AI offer many opportunities, but also entail risks. This is shown by an incident at the software giant Microsoft.
Berlin – Artificial intelligence (AI) is advancing at a rapid pace and is already a big part of our lives. In view of the rapid progress, experts expect a profound change in the world of work. Recently, attention to AI has increased because of the lively discussion about ChatGPT. Microsoft put the AI turbo in and built it into Office and Outlook.
The fact that AI can bring not only many opportunities but also risks is shown by an incident in the Microsoft AI GitHub repository. As security researchers from the IT company Wiz say in a blog post, they discovered a data leak at the software giant Microsoft, which was apparently caused by an employee by mistake. Due to a misconfiguration for a file sharing link, not only AI training data was accessible on GitHub.
Data leak at Microsoft: Security researchers come across exposed data
Wiz scans the internet for accidental publications of cloud-hosted data. In the process, they came across a GitHub repository (cloud-based central location for developers) of the Microsoft organization. When publishing a series of open-source training data, 38 terabytes of additional private data were accidentally disclosed there, including a hard drive backup of two employees.
A careless mistake that could have fatal consequences. "An attacker could not only view all files in the storage account, but also delete and overwrite existing files," Wiz security researchers said.
Microsoft comments after data leak: No sensitive customer data leaked to the outside world
According to WIZ, the backup contains sensitive data, private keys, passwords, and more than 30,000 internal Microsoft Teams messages. As reported by the consumer portal CHIP, the security researchers informed Microsoft about the data leak on June 22, after which an internal investigation was launched.
"No customer data was disclosed and no other internal services were compromised due to this issue," Microsoft's Security Response Center told TechCrunch. The company now wants to tighten its security precautions. (Vivian Werg)