Microsoft Exposes 38TB of Internal Data in GitHub Misconfiguration

Microsoft AI researchers shared a misconfigured link on GitHub, accidentally exposing 38TB of internal data.
The exposed data included employee computer backups, passwords, secret keys, and over 30,000 Teams messages.
No customer data was exposed, Microsoft stated, and no other services were put at risk.
Microsoft was notified of the issue in June by the cybersecurity firm Wiz, and invalidated the link after 2 days.
This disclosure comes less than 2 weeks after Microsoft published findings about hackers exploiting exposed data from a 2021 system crash.

businessinsider.com

Relevant topic timeline:

9/18/2023

Microsoft Exposes 38TB of Sensitive Employee Data on Misconfigured Azure Server

Microsoft AI researchers accidentally exposed tens of terabytes of sensitive data, including private keys and passwords, while publishing open-source training data on GitHub, but no customer data was exposed as a result.

9/18/2023

Microsoft Leaks 38TB of Employee Data Through Misconfigured Cloud Storage

Microsoft AI research division accidentally leaked terabytes of sensitive data through a misconfigured Azure Blob storage bucket, exposing personal information and internal messages, highlighting the security risks of Shared Access Signature tokens and the need for better monitoring and governance.