UNITED STATES: Microsoft, a global technology leader, has admitted to a substantial data exposure incident in which a colossal 38-terabyte dataset was unintentionally revealed. This mishap, attributed to an error made by one of its AI researchers, has ignited concerns regarding data security and privacy.
The revelation of this incident came through a report from cloud security firm Wiz, which provided a comprehensive account of the inadvertent exposure of sensitive information, including private keys, passwords, and internal Microsoft Teams conversations of numerous employees.
As disclosed by Wiz researchers Hillai Ben-Sasson and Ronny Greenberg, the exposed data encompassed exhaustive backups of two employees’ computer systems.
This dataset contained a wide range of sensitive personal information, including Microsoft service passwords, secret keys, and over 30,000 internal Microsoft Teams messages authored by 359 Microsoft employees.
“Our research revealed that the exposed account included an additional 38 gigabytes of information, mostly Microsoft workers’ personal computer backups”, according to Ben-Sasson and Greenberg.
This extensive data exposure incident transpired due to the accidental publication of internal data on a publicly accessible GitHub repository. GitHub, a popular platform for code hosting and resource sharing, allowed anyone with access to the repository to potentially view the exposed data.
However, it is imperative to note that Microsoft promptly clarified that this incident did not result in the exposure of any customer data and did not pose a risk to other internal services.
In a blog post, Microsoft’s Security Response Centre offered assurance, stating, “No customer data was exposed, and this issue did not endanger any other internal services. Customers need not take any specific action in response to this incident.”
This incident underscores the challenges organizations face in safeguarding sensitive information in an era of advanced technology and remote work settings. Data leaks, whether accidental or deliberate, can have significant consequences for both organizations and individuals whose data is at stake.
Microsoft is expected to conduct a comprehensive internal review to understand the circumstances surrounding the data exposure and implement stringent measures to prevent such incidents in the future.
In the meantime, organizations must prioritize data security, emphasizing robust data protection protocols and the importance of a well-defined incident response strategy.
Also Read: Microsoft Streamlines Edge Experience by Removing Five Features in Latest Update