綜合

【】

字号+作者:囫圇吞棗網来源:探索2025-04-03 05:10:46我要评论(0)

AI researchers at Microsoft have made a huge mistake.According to a new reportfrom cloud security co

AI researchers at Microsoft have made a huge mistake.

According to a new reportfrom cloud security company Wiz, the Microsoft AI research team accidentally leaked 38TB of the company's private data.

38 terabytes. That's a lotof data.

The exposed data included full backups of two employees' computers. These backups contained sensitive personal data, including passwords to Microsoft services, secret keys, and more than 30,000 internal Microsoft Teams messages from more than 350 Microsoft employees.

So, how did this happen? The report explains that Microsoft's AI team uploaded a bucket of training data containing open-source code and AI models for image recognition. Users who came across the Github repository were provided with a link from Azure, Microsoft's cloud storage service, in order to download the models.

Mashable Light SpeedWant more out-of-this world tech, space and science stories?Sign up for Mashable's weekly Light Speed newsletter.By signing up you agree to our Terms of Use and Privacy Policy.Thanks for signing up!

One problem: The link that was provided by Microsoft's AI team gave visitors complete access to the entire Azure storage account. And not only could visitors view everything in the account, they could upload, overwrite, or delete files as well. 

Wiz says that this occurred as a result of an Azure feature called Shared Access Signature (SAS) tokens, which is "a signed URL that grants access to Azure Storage data." The SAS token could have been set up with limitations to what file or files could be accessed. However, this particular link was configured with full access.

Adding to the potential issues, according to Wiz, is that it appears that this data has been exposed since 2020.

Wiz contacted Microsoft earlier this year, on June 22, to warn them about their discovery. Two days later, Microsoft invalidated the SAS token, closing up the issue. Microsoft carried out and completed an investigation into the potential impacts in August.

Microsoft provided TechCrunch with a statement, claiming “no customer data was exposed, and no other internal services were put at risk because of this issue.”

TopicsCybersecurityMicrosoft

1.本站遵循行业规范,任何转载的稿件都会明确标注作者和来源;2.本站的原创文章,请转载时务必注明文章作者和来源,不尊重原创的行为我们将追究责任;3.作者投稿可能会经我们编辑修改或补充。

相关文章
  • You will love/hate Cards Against Humanity's new fortune cookies

    You will love/hate Cards Against Humanity's new fortune cookies

    2025-04-03 05:06

  • 大連足球名宿遲尚斌因病過世享年72歲 曾率萬達創55場不敗紀錄

    大連足球名宿遲尚斌因病過世享年72歲 曾率萬達創55場不敗紀錄

    2025-04-03 04:38

  • 曝梅西賽後主動挑釁對方高管 引雙方球員貼臉互罵

    曝梅西賽後主動挑釁對方高管 引雙方球員貼臉互罵

    2025-04-03 04:04

  • 前國腳就打人獲刑致歉:愚蠢行為有損足球公眾形象

    前國腳就打人獲刑致歉 :愚蠢行為有損足球公眾形象

    2025-04-03 03:16

网友点评