In many cases, we can see data leaks that affect services and platforms on the Internet. This can lead to a loss of user privacy, as attackers could control accounts, steal passwords and confidential information. In this case, it is a data leak that has affected Microsoft. Specifically, 38 TB of non-private data has been leaked through Azure storage. We are going to tell you what it is and what you can do to protect yourself from leaks of this type.
It has happened after Microsoft’s AI department accidentally leaked 38 TB of confidential data. This is not something very recent, since it was data leaked since June 2020, while they were creating open source artificial intelligence models in a GitHub repository.
Microsoft leaks data
This has been discovered, three years later, by the cloud security company wiz. According to what they indicate, a Microsoft worker shared a URL to Azure, where all the leaked information had been hosted. It was due to an Azure feature that allows file sharing and is difficult to monitor.
From Microsoft, they have linked this problem to a shared access signing token, which is known as SAS, too permissive. Without monitoring, these types of tokens can pose a security risk and their use should be limited.
This fact, as Wiz has discovered, has allowed private data, 38 TB in total, to be exposed beyond open source models. This includes backups of personal information of Microsoft employees, passwords for company services, secret keys, and many messages.
It has not affected clients. Something that Microsoft has reported is that this has not had an impact on users, but only on the organization’s employees and internal data. They also rule out that any additional service had a risk of suffering something similar.
Some security researchers behind this discovery mention how artificial intelligence can be a useful tool, but also a major problem if it is not used well or vulnerabilities of this type appear that put privacy and security at risk.
What can you do to protect yourself from problems of this type? When it comes to a bug that affects a specific service, it is not really something that is directly in your hand. However, you can always have everything updated to correct vulnerabilities and be less likely to suffer attacks and problems.
Furthermore, it is advisable that you review very well What services or programs do you use?. We recommend that you avoid using unreliable software. Only install stable applications that have a good reputation and always download them from legitimate sources, such as official websites or safe application stores.
On the other hand, having good system protection, such as having a good antivirus or having everything updated, will help you avoid data leaks. It is essential that you apply this to any device you use, as failures can arise at any time. You can use Have I Been Pwned to see if your keys have been leaked.
As you can see, Microsoft has leaked 38 TB of personal data due to an error. Although it has not affected users, it has put personal information of its workers at risk. You can always take measures to prevent these types of problems, with good use of software and devices.