Microsoft Azure Data Leak Exposes Dangers of File-Sharing Links

Shared Access Signature (SAS) link exposed a storage bucket with 38TB of private data, including passwords, Teams messages, and the backups of two Microsoft AI research employees' workstations.

An overly permissive file-sharing link allowed public access to a massive 38TB storage bucket containing private Microsoft data, leaving a variety of development secrets — including passwords, Teams messages, and files from two employees' workstations — accessible to attackers.

Cloud data-security firm Wiz issued an advisory on the incident, which it said originated in the use of a Microsoft Azure feature known as a Shared Access Signature (SAS) token, which allows users with a link to access an otherwise private data repository. The specific at-risk repository belonged to Microsoft's AI research division, which — in its public GitHub repository — directed users to download open source images and code from the Azure Storage bucket via the SAS link.

However, the ...