Microsoft AI Blunder: Data Leak Shakes Tech Giant

  • Data Exposure via GitHub: Microsoft's AI research division accidentally exposed 38TB of internal data, including passwords, secret keys and Teams messages, through a download link in a public GitHub repository.
  • Misconfigured URL and SAS Token: The exposure stemmed from an Azure Storage URL carrying an overly permissive SAS token that opened the entire storage account rather than the intended files.
  • Swift Response and Enhanced Monitoring: Microsoft revoked the token within two days of the report and expanded GitHub's secret scanning to catch over-permissive SAS tokens in public code.

In a startling revelation, Microsoft’s AI research division has accidentally exposed tens of terabytes of sensitive data, including private keys, passwords, and confidential messages. The incident occurred when the division published an open-source repository of code and AI models on GitHub.

Cloud security startup Wiz, which specializes in identifying exposures in cloud-hosted data, uncovered the lapse during its ongoing scanning for misconfigured cloud storage. The GitHub repository, intended to provide open-source code and AI models for image recognition, instructed users to download the models from an Azure Storage URL. However, the token embedded in that URL had been configured to grant access to the entire storage account rather than just the model files, exposing unrelated private data alongside the models.

The exposure, which dated back to 2020, involved a staggering 38 terabytes of sensitive information. This included personal backups from the computers of two Microsoft employees, passwords to various Microsoft services, secret keys, and over 30,000 internal Microsoft Teams messages exchanged among hundreds of company employees.

The primary cause of the exposure was an overly permissive Shared Access Signature (SAS) token within the URL. A SAS token is a signed query string that Azure appends to a storage URL to create a shareable link; it encodes which operations are allowed (read, write, delete, list), how wide the scope is (a single blob, a container, or the whole storage account), and when the link expires. In this instance, the token granted access to the whole storage account, far more than the read-only access to the model files that was intended.

Wiz reported its findings to Microsoft on June 22, 2023, and Microsoft revoked the SAS token on June 24. Microsoft’s investigation into the potential organizational impact concluded on August 16.

Microsoft has reassured users and stakeholders that no customer data was compromised, and no internal services were put at risk due to this issue. However, the incident has raised concerns about the security of cloud-hosted data and the importance of robust access controls and permissions.

In response to the incident, Microsoft announced an expansion of GitHub’s secret scanning service. It now monitors all public open-source code changes for plaintext exposure of credentials and other secrets, including SAS tokens with overly permissive expirations or privileges.
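To make concrete what the SAS explanation above and the expanded secret scanning describe, here is an added Python example (not Microsoft's, Wiz's or GitHub's code) that finds Azure Blob Storage URLs in free text such as a README and flags the three properties that made this token dangerous: account-wide scope (the `ss`/`srt` parameters of an account SAS instead of a blob-scoped `sr=b`), permissions beyond read in `sp`, and an expiry (`se`) far in the future. The storage account name, blob path, signatures and dates in the sample text are constructed, and the seven-day lifetime ceiling is a policy choice, not an Azure default.

```python
"""Audit Shared Access Signature (SAS) tokens found in Azure Blob Storage URLs.

Added example, not code from Microsoft, Wiz or GitHub. It parses the documented
SAS query parameters (sv, ss, srt, sr, sp, se, spr, si, sig) and flags
account-wide scope, permissions beyond read, and a far-off expiry.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Public-cloud blob endpoint only; sovereign clouds use other DNS suffixes.
BLOB_URL_RE = re.compile(r"https://[a-z0-9]{3,24}\.blob\.core\.windows\.net/[^\s\"'<>)]*")

# SAS permission letters other than 'r' (read). A download link needs none of these.
WRITE_LIKE = set("wdlacupxtfiy")
DEFAULT_MAX_LIFETIME = timedelta(days=7)  # policy choice for this audit, not an Azure default

# Constructed sample: a README with one account-wide token and one properly scoped one.
SAMPLE_README = """
Download the pretrained weights from
https://examplemodels.blob.core.windows.net/models/resnet50.pt?sv=2020-08-04&ss=b&srt=sco&sp=rwdlacup&se=2051-01-01T00:00:00Z&sig=CONSTRUCTEDSIG
A correctly scoped link looks like
https://examplemodels.blob.core.windows.net/models/resnet50.pt?sv=2020-08-04&sr=b&sp=r&se=2023-09-18T12:00:00Z&spr=https&sig=CONSTRUCTEDSIG
"""
FIXED_NOW = datetime(2023, 9, 18, tzinfo=timezone.utc)  # constructed audit time


@dataclass
class SasAudit:
    url: str
    findings: list = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return not self.findings


def _parse_expiry(value: str):
    """Parse the 'se' parameter: ISO 8601 UTC, with or without a time part."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None


def audit_sas_url(url: str, now: datetime, max_lifetime: timedelta = DEFAULT_MAX_LIFETIME) -> SasAudit:
    audit = SasAudit(url)
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in params:
        return audit  # plain URL, no SAS attached
    # An account SAS (ss/srt present) covers every container in the account;
    # a service SAS (sr present) is bound to one container or one blob.
    if "ss" in params or "srt" in params:
        audit.findings.append(
            f"account SAS: services={params.get('ss', '?')} resource types={params.get('srt', '?')} "
            "(not scoped to a single container or blob)")
    elif params.get("sr") == "c":
        audit.findings.append("container-scoped SAS; a blob-scoped token (sr=b) suffices for a download")
    extra = sorted(set(params.get("sp", "")) & WRITE_LIKE)
    if extra:
        audit.findings.append(f"permissions beyond read: {''.join(extra)}")
    if "se" in params:
        expiry = _parse_expiry(params["se"])
        if expiry is None:
            audit.findings.append(f"unparseable expiry: {params['se']}")
        elif expiry - now > max_lifetime:
            audit.findings.append(f"expiry {params['se']} is {(expiry - now).days} days out")
    elif "si" not in params:
        audit.findings.append("no expiry (se) and no stored access policy (si)")
    else:
        audit.findings.append(f"expiry delegated to stored access policy {params['si']}; verify it server-side")
    if "http" in params.get("spr", "").split(","):
        audit.findings.append("plain HTTP explicitly permitted (spr)")
    return audit


def scan_text(text: str, now: datetime) -> list:
    """Find blob URLs in free text (a README, a commit diff) and audit each one."""
    return [audit_sas_url(m.group(0), now) for m in BLOB_URL_RE.finditer(text)]


def run_sample() -> list:
    """Audit the constructed README at the fixed audit time."""
    return scan_text(SAMPLE_README, FIXED_NOW)


if __name__ == "__main__":
    for audit in run_sample():
        print("OK  " if audit.ok else "FLAG", audit.url.split("?")[0])
        for finding in audit.findings:
            print("     -", finding)
```

Run against a repository checkout or a pull-request diff, the same scan flags the first link (account-wide, read-write-delete-list, expiring decades out) and passes the second (one blob, read-only, hours to live), which is the distinction the expanded secret scanning is meant to draw. Note that the audit can only judge what the query string declares; a token that references a stored access policy (`si`) has its real permissions and expiry on the server side.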

This incident underscores the critical need for vigilance and stringent security measures when handling vast amounts of data in the era of AI. As Ami Luttwak, co-founder and CTO of Wiz, pointed out, “AI unlocks huge potential for tech companies. However, as data scientists and engineers race to bring new AI solutions to production, the massive amounts of data they handle require additional security checks and safeguards.”
