🤖 Microsoft leaks 38 terabytes of sensitive data while training AI

#NP 097

Author

Neon Pulse Team
September 29, 2023

Good morning and welcome to the latest edition of neonpulse!

Today, we’re talking about Microsoft, who accidentally leaked 38 terabytes of sensitive data while training an AI model… Let’s dive in!

Sponsored By:

Want to Be Paid $100,000, $250,000, or Even $1,000,000 As A First Time Author?

It starts with writing the "perfect book proposal". Perfect meaning that it aligns with what publishers are buying now to tap into the big money opportunities that are available to authors.

In this free training, a 30-year publishing industry veteran Dr. Angela Lauria shows serious writers what they need to know to get on the path to being published (and being paid well for it)

Microsoft Leaks 38 Terabytes of Sensitive Data While Training AI

Security should be at the basis of everything that has to do with AI — that’s been said by leaders in the industry time and time again. But still, it goes wrong too often…

Recent revelations indicate that Microsoft fell short in safeguarding vast amounts of sensitive data, putting it at risk for an extended period.

Between July 20, 2020, and June 24, 2023, a significant amount of data was inadvertently exposed by Microsoft through a GitHub public repository. This discovery was made by cloud security firm Wiz, who reported the issue to Microsoft on June 22, 2023. Two days later, Microsoft took action by invalidating the compromised token. Wiz explained the entire issue on their official blog.

The breach stemmed from a misconfiguration involving Azure's Shared Access Signature tokens, a feature used to provide controlled access to data on Azure Storage. In this case, an excessively permissive SAS token was used by Microsoft AI researchers, inadvertently exposing 38 terabytes of sensitive information, including AI models for image recognition.

Shockingly, beyond the AI model training data, the breach included a disk backup containing sensitive material from two employees' workstations. This backup included confidential cryptographic keys, passwords, and over 30,000 internal Microsoft Teams messages from 359 employees. This treasure trove of private files remained accessible until Microsoft revoked the compromised SAS token on June 24, 2023.

Despite their utility, SAS tokens come with security risks due to a lack of centralized monitoring and governance. Wiz emphasizes the need to restrict their usage to the bare minimum. The tokens' lengthy expiration dates, which can be set for extended periods, further exacerbate the risk. Microsoft's initial token, for example, was valid for almost a year, from July 20, 2020, to October 5, 2021. Another token was set to remain valid until October 6, 2051.

If you want to know more about this data leak, YouTube Joe from CyberNews lays it out in this 1-minute video:

Do you trust Microsoft with AI?

Login or Subscribe to participate in polls.

How to Sign 2 - 4 New Coaching Clients Every Month — This free client attraction guide gives you a simple, 4-step roadmap for how to consistently attract new coaching clients into your business.

Cool AI Tools

🔗 AI’s Impact On Content Creation: What you need to know to stay ahead when anyone can now create content with AI

🔗 CheatGPT: Study smarter and faster with ChatGPT.

🔗 WisperSEO: Supercharge your SEO game with AI.

🔗 Customers.AI: Audit your website’s conversion rate in seconds.

🔗 Collato: Chat with your tools.

🔗 AutoCaption: AI short form video editor.

And now your moment of zen

Source: iMeat

That’s all for today folks!

If you’re enjoying neonpulse, we would really appreciate it if you would consider sharing our newsletter with a friend by sending them this link:

0 OF 1
You're just 1 referral away from unlocking the ChatGPT Power Prompt Pack

Share this referral link with your audience and friends and unlock access to 6000+ ChatGPT Power prompts:
https://neonpulse.beehiiv.com/subscribe?ref=PLACEHOLDER

Want to advertise your products in front of thousands of AI investors, developers, and enthusiasts?