Oops, Microsoft left 38TB of sensitive data exposed for 3 years including internal Teams chats


Even the smartest of boffins can trip up sometimes, and that's exactly what happened when a member of Microsoft's AI research team accidentally exposed 38TB of sensitive internal data by misconfiguring a link.

Wiz, a cloud security company that routinely looks for vulnerabilities or exposures of cloud-hosted data, detailed the exposure on its blog (via ITWire). It found a GitHub repository belonging to Microsoft’s AI research division, hosting open-source code and AI models for image recognition. But that's not all Wiz found.

A configuration error allowed anyone to access the entire storage account, and this data included two complete PC backups belonging to Microsoft employees. According to Wiz, the data included "sensitive personal data, including passwords to Microsoft services, secret keys, and over 30,000 internal Microsoft Teams messages from 359 Microsoft employees."

Furthermore, the files weren't read-only. They could be rewritten or deleted at will. In fairness to Microsoft, and the employees, access to the files wasn't completely public. Access was granted via an Azure sharing feature called a SAS token, which is a shareable link, but in this case it granted full access. Anyone with that link, which would include users looking to access the AI source code, would have had access.
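A SAS link carries its own grant in its query string, so it can be checked before it is shared. The sketch below is an added example, not code from Wiz, Microsoft or this article: it reads the standard SAS fields `sp` (permissions), `srt` (present on account-level tokens) and `se` (expiry) and flags links that are writable, account-wide or long-lived. The sample URLs and the seven-day limit are constructed assumptions.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# "sp" permission letters that let the holder change or remove data.
MUTATING = {"w": "write", "d": "delete", "a": "add", "c": "create"}
MAX_LIFETIME_DAYS = 7  # assumed policy threshold, not taken from the article


def audit_sas_url(url, now):
    """Return findings for one SAS URL; an empty list means nothing was flagged."""
    query = parse_qs(urlsplit(url).query)
    if "sig" not in query:
        return ["not a SAS URL (no sig field)"]
    findings = []
    perms = query.get("sp", [""])[0]
    risky = [name for letter, name in MUTATING.items() if letter in perms]
    if risky:
        findings.append("grants " + "/".join(risky))
    if "srt" in query:  # srt appears only on account-level SAS tokens
        findings.append("account-level token: not limited to one container")
    expiry = query.get("se", [None])[0]
    if expiry is None:
        findings.append("no expiry (se) field")
        return findings
    end = datetime.fromisoformat(expiry.replace("Z", "+00:00"))
    if end.tzinfo is None:  # date-only expiry values parse as naive
        end = end.replace(tzinfo=timezone.utc)
    days_left = (end - now).days
    if days_left > MAX_LIFETIME_DAYS:
        findings.append(f"expires in {days_left} days (limit {MAX_LIFETIME_DAYS})")
    return findings


# Constructed sample links: account name, dates and signatures are placeholders.
BROAD = ("https://examplestorage.blob.core.windows.net/models"
         "?sv=2020-08-04&ss=b&srt=sco&sp=rwdlac&se=2040-01-01T00:00:00Z&sig=CONSTRUCTED")
NARROW = ("https://examplestorage.blob.core.windows.net/models"
          "?sv=2020-08-04&sr=c&sp=rl&se=2023-09-20T00:00:00Z&sig=CONSTRUCTED")

if __name__ == "__main__":
    now = datetime(2023, 9, 18, tzinfo=timezone.utc)
    for link in (BROAD, NARROW):
        print(audit_sas_url(link, now) or "ok")
```

The first link is flagged on all three counts; the second, a read-and-list token scoped to one container and expiring in two days, passes.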

What's worse is that the data has been exposed since 2020. Microsoft was made aware of the exposure in June this year, meaning the data was available for three years.

Microsoft posted a lengthy statement on its own blog, stating "No customer data was exposed, and no other internal services were put at risk because of this issue. No customer action is required in response to this issue".

That sounds fair, but internally there are sure to be a few red faces and breathless IT personnel running this way and that to change passwords and keys that were exposed. Just in case.

Kids, adults, gamers, and boffins alike, it's important to configure your storage accounts correctly. You never know who might come sniffing.

Chris Szewczyk
Hardware Writer

