A Microsoft employee accidentally exposed 38 terabytes of private data while publishing a bucket of open-source AI training data on GitHub, according to Wiz security researchers who spotted the leaky account and reported it to the Windows giant.
This is despite Wiz claiming the leaky data bucket had private keys, passwords, and over 30,000 internal Microsoft Teams messages, as well as backup data from two employees’ workstations.
“No customer data was exposed, and no other internal services were put at risk because of this issue,” the Microsoft Security Response Center team said.
“Our scan shows that this account contained 38TB of additional data – including Microsoft employees’ personal computer backups,” Ben-Sasson and Greenberg said.
“The backups contained sensitive personal data, including passwords to Microsoft services, secret keys, and over 30,000 internal Microsoft Teams messages from 359 Microsoft employees.”
In July, Chinese spies stole a secret Microsoft key and used to break into US government email accounts.