Microsoft's 38TB Data Fiasco

<p>It's not every day you stumble upon a treasure trove of secrets. But
that's precisely what happened when a Microsoft researcher, probably multitasking
between coding and binge-watching cat videos, shared a URL on a public GitHub repository. Little did they know, they
were about to gift the world 38TB of Microsoft's deepest data secrets.</p><p>Picture this: June 2023, a Microsoft researcher innocently shares a URL
on a public <a href="https://github.com/" target="_blank" rel="nofollow">GitHub</a> repository while contributing to an open-source AI model.
Harmless, right? Wrong. The URL contained a "shared access signature"
(SAS) token, and this wasn't your average token.</p><p>28 years of access</p><p>SAS tokens, designed to grant restricted access to Azure Storage (part of
Microsoft’s <a href="https://www.financemagnates.com/terms/c/cloud/">cloud</a> offering), are like the wild cards in a deck of otherwise
predictable playing cards. They're flexible, and herein lies the rub. Users can
customize access levels, adjust expiry times, and essentially create tokens
that never expire – our star token was valid till 2051, a good 28 years from
now. You can learn all about them <a href="https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview">here</a>,
courtesy of Microsoft. Perhaps read on first, though.</p><p>Now, here's where we go from mild mishap to serious problem. This
particular SAS token, configured with the techy finesse of a bull in a china
shop, granted access across an entire storage account. A storage account that
happened to house 38TB of data, including sensitive employee information,
secret keys, and internal team messages. Oops.</p>
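<p>An added example, not from the original article or from Microsoft: a small Python check that reads a SAS URL's query parameters (<code>ss</code>, <code>srt</code>, <code>sp</code>, <code>se</code>) and flags the traits described above, an account-wide scope and a decades-long expiry. The 7-day limit, the account name and both sample URLs are assumptions constructed for illustration.</p>

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

MAX_LIFETIME = timedelta(days=7)  # assumed policy limit, not an Azure default

def parse_sas_time(value):
    """Parse the ISO 8601 UTC forms a SAS accepts (date, or date-time ending in Z)."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def audit_sas_url(url, now=None):
    """Return a list of findings for one Azure Storage SAS URL."""
    now = now or datetime.now(timezone.utc)
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q:
        return ["no sig parameter: not a SAS URL"]
    findings = []
    # An account SAS carries ss (services) and srt (resource types); a
    # service SAS carries sr (a single blob, container, ...) instead.
    if "ss" in q and "srt" in q:
        findings.append(f"account-level scope: ss={q['ss']} srt={q['srt']}")
    # Anything other than read (r) and list (l) lets the holder change data.
    extra = sorted(set(q.get("sp", "")) - set("rl"))
    if extra:
        findings.append("permissions beyond read/list: " + "".join(extra))
    if "se" not in q:
        findings.append("no se in URL: expiry, if any, is set by a stored access policy (si)")
    else:
        expiry = parse_sas_time(q["se"])
        if expiry - now > MAX_LIFETIME:
            findings.append(f"expires {expiry.date()}, {(expiry - now).days} days away")
    return findings

# Constructed samples: account name, paths and signatures are placeholders.
BROAD = ("https://exampleacct.blob.core.windows.net/models?sv=2021-08-06"
         "&ss=b&srt=sco&sp=rwdl&se=2051-01-01T00%3A00%3A00Z&sig=PLACEHOLDER")
NARROW = ("https://exampleacct.blob.core.windows.net/models/model.ckpt"
          "?sv=2021-08-06&sr=b&sp=r&se=2023-06-20T06%3A00%3A00Z&sig=PLACEHOLDER")

if __name__ == "__main__":
    fixed_now = datetime(2023, 6, 20, tzinfo=timezone.utc)
    for name, url in (("BROAD", BROAD), ("NARROW", NARROW)):
        print(name, audit_sas_url(url, fixed_now) or "ok")
```

<p>Run over the URLs found in a repository or a commit before it is pushed, a check like this catches an account-wide, long-lived token while it can still be regenerated privately.</p>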
