Microsoft's loose security measures resulted in a breach of company data on GitHub. The breach occurred from July 2020 until it was recently resolved.
Wiz Research, the discoverer of the mistake, explained that the exposure occurred in a Microsoft GitHub repository dedicated to sharing open source AI code and models for image recognition. A URL was created to provide users with download access to the models, but unfortunately, it was configured to grant permissions on the entire storage account, inadvertently allowing access to 38TB of data, including secrets, private keys, passwords, and thousands of Microsoft Teams messages.
Microsoft insists no customer data was compromised. Microsoft has since fixed the issue and expanded its GitHub scanning service to prevent similar incidents in the future.
- CyberBeat
CyberBeat is a grassroots initiative from a team of producers and subject matter experts, driven out of frustration at the lack of media coverage, responding to an urgent need to provide a clear, concise, informative and educational approach to the growing fields of Cybersecurity and Digital Privacy.
If you have a story of interest, a comment, a concern or if you'd just like to say Hi, please contact us
We couldn't do this without the support of our sponsors and contributors.