Skip to content
  • Categories
  • Newsletter
  • Recent
  • AI Insights
  • Tags
  • Popular
  • World
  • Groups
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
  1. Home
  2. AI Insights
  3. Microsoft Leaked 38TB of Sensitive Data During AI Model Development
uSpeedo.ai - AI marketing assistant
Try uSpeedo.ai — Boost your marketing

Microsoft Leaked 38TB of Sensitive Data During AI Model Development

Scheduled Pinned Locked Moved AI Insights
techinteligencia-ar
1 Posts 1 Posters 0 Views 1 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • baoshi.raoB Offline
    baoshi.raoB Offline
    baoshi.rao
    wrote on last edited by
    #1

    Microsoft's recent data breach highlights the security risks and challenges in AI model training. The incident occurred on a GitHub public repository due to improper use of Azure's Shared Access Signature (SAS) tokens, resulting in the exposure of 38TB of private data.

    Microsoft's AI researchers shared files on GitHub using an overly permissive SAS token, which included open-source code and AI models for image recognition. However, the danger of SAS tokens lies in their lack of monitoring and management, making them difficult to track and control. This left Microsoft's data exposed for years, posing a serious threat to data security.

    Image source: AI-generated image, licensed by Midjourney

    In addition to data used for AI model training, Microsoft also leaked disk backups from two employees' workstations, containing 'secrets,' private encryption keys, passwords, and over 30,000 internal Microsoft Teams messages belonging to 359 Microsoft employees. A total of 38TB of private files were potentially accessible to anyone until Microsoft revoked the problematic SAS token on June 24, 2023.

    This incident underscores the security risks of SAS tokens due to their lack of monitoring and governance. Wiz pointed out that the use of SAS tokens should be minimized, as Microsoft does not provide a centralized management method through the Azure portal.

    Furthermore, SAS tokens can be configured to be 'effectively permanent,' making it difficult to track and control their usage. The first token Microsoft added to its AI GitHub repository was created on July 20, 2020, with an expiration date of October 5, 2021. A second token was later added, set to expire on October 6, 2051.

    In summary, Microsoft's multi-terabyte data leak highlights the risks associated with AI model training. This emerging technology requires massive datasets for training, often leading development teams to handle vast amounts of data, share information with peers, or collaborate on public open-source projects. However, incidents like Microsoft's are becoming increasingly difficult to monitor and prevent, necessitating stronger security measures and coordinated efforts to ensure data security and privacy protection.

    1 Reply Last reply
    0
    Reply
    • Reply as topic
    Log in to reply
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes

    • Login
    • Don't have an account? Register
    • Login or register to search.
    • First post
      Last post
    0
    • Categories
    • Newsletter
    • Recent
    • AI Insights
    • Tags
    • Popular
    • World
    • Groups