Microsoft AI researchers accidentally exposed big cache of data

By Jessica Nix

FILE PHOTO: A view shows a Microsoft logo at Microsoft offices in Issy-les-Moulineaux near Paris, France, January 25, 2023. REUTERS/Gonzalo Fuentes/File Photo

Microsoft Corp’s AI research team accidentally exposed a large cache of private data on the software development platform GitHub, according to new research from a cybersecurity firm.

A team at the cloud security company Wiz found the exposure of cloud-hosted data on the AI training platform via a misconfigured link. The data was leaked by Microsoft’s research team while publishing open-source training data on GitHub, according to Wiz.

Users of the repository were urged to download AI models from an cloud storage URL. But it was misconfigured to grant permissions on the entire storage account, and it also granted users full control permissions, as opposed to read only, meaning they could delete and overwrite existing files, according to a Wiz blog post.

The exposed data included Microsoft employees’ personal computer backups, which contained passwords to Microsoft services, secret keys and more than 30,000 internal Microsoft Teams messages from 359 Microsoft employees, according to Wiz.

Open data sharing is a key component of AI training, but sharing larger amounts of data leaves companies exposed to larger risk if shared incorrectly, according to Wiz’s researchers. Wiz shared the data in June with Microsoft, which moved quickly to remove the exposed data, said Ami Luttwak, chief technology officer and co-founder of Wiz, who added that the incident “could have been worse”.

Asked for comment, a Microsoft spokesperson said, “We have confirmed that no customer data was exposed, and no other internal services were put at risk.”

In a blog post published Monday, Microsoft said it investigated and remediated an incident involving a Microsoft employee who shared a URL in a public GitHub repository to open-source AI learning models. Microsoft said the data exposed in the storage account included backups of two former employees’ workstation profiles and internal Microsoft Teams messages of these two employees with their colleagues.

The data cache was found by Wiz’s research team scanning the Internet for misconfigured storage containers, part of its ongoing work on accidental exposure of cloud-hosted data, according to the blog. – Bloomberg

×
Follow us on our official WhatsApp channel for breaking news alerts and key updates!

   

Report it to us.

Next In Tech News
Eight US newspapers sue ChatGPT-maker OpenAI and Microsoft for copyright infringement
Sex offender asks Norway’s Supreme Court to declare social media access is a human right
Driver of lorry in crash that killed NUS law professor says he was distracted by GPS
Microsoft boosts responsible AI team from 350 to 400 personnel
Chip parts supplier Siltronic's profit falls on high client inventories
After a breakup, does an ex get to stay on your grid?
Microsoft announces RM10.48bil AI, cloud investment in Malaysia
From baby talk to baby artificial intelligence
Lawsuit against Meta asks if Facebook users have right to control their feeds using external tools
Nvidia supplier SK Hynix says HBM chips almost sold out for 2025

Trending in Tech

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.