Microsoft's security flaw exposed company data on GitHub for nearly a year

A URL was created to allow users to download the models, but it inadvertently granted permissions to the entire storage account, exposing additional private data. The exposed data included secrets, private keys, passwords, and over 30,000 Microsoft Teams messages.
27 September 2023

Microsoft's loose security measures resulted in a breach of company data on GitHub. The data remained exposed from July 2020 until the issue was recently resolved.

Wiz Research, which discovered the mistake, explained that the exposure occurred in a Microsoft GitHub repository dedicated to sharing open source AI code and models for image recognition. A URL was created to give users download access to the models, but it was configured to grant permissions on the entire storage account, inadvertently allowing access to 38TB of data, including secrets, private keys, passwords, and thousands of Microsoft Teams messages.

Microsoft insists no customer data was compromised. Microsoft has since fixed the issue and expanded its GitHub scanning service to prevent similar incidents in the future.

- CyberBeat
