Shared Access Signature (SAS) link exposed a storage bucket with 38TB of private data, including passwords, Teams messages, and the backups of two Microsoft AI research employees' workstations.
An overly permissive file-sharing link allowed public access to a massive 38TB storage bucket containing private Microsoft data, leaving a variety of development secrets — including passwords, Teams messages, and files from two employees' workstations — accessible to attackers.
Cloud data-security firm Wiz issued an advisory on the incident, which it said originated in the use of a Microsoft Azure feature known as a Shared Access Signature (SAS) token, which allows users with a link to access an otherwise private data repository. The specific at-risk repository belonged to Microsoft's AI research division, which — in its public GitHub repository — directed users to download open source images and code from the Azure Storage bucket via the SAS link.
However, the ...
Copyright of this story solely belongs to darkreading.com . To see the full text click HERE