Microsoft AI researchers accidentally leak 38TB of company data, including employee passwords and Teams messages, raising concerns about data security and employee privacy
A Microsoft AI research team accidentally leaked 38TB of company data, including employee passwords and Teams messages, raising concerns about data security and employee privacy. The leak was discovered by Wiz, a cybersecurity firm, which found a link in the files that contained backups of Microsoft employees’ computers. The backups contained sensitive data such as passwords to Microsoft services, secret keys, and over 30,000 internal Teams messages from hundreds of the tech giant’s employees.
Microsoft has assured in its own report of the incident that no customer data was exposed, and no other internal services were put at risk. The company has also taken steps to fix the issue and prevent future leaks, including revoking the SAS token that was used to share the data, rescanning all of its public repositories, and fixing the system that marked the link as a “false positive.”
However, the leak has raised concerns about Microsoft’s data security practices and the potential impact on its employees. Some experts have criticized Microsoft for using SAS tokens to share sensitive data, as they can be easily misconfigured and lead to data leaks. Others have expressed concern about the potential for hackers to use the leaked data to gain access to Microsoft’s systems or to blackmail employees.
The leak is also a reminder of the importance of employee privacy. Employees have a right to expect that their employers will protect their personal data, especially sensitive data such as passwords and work communications. Microsoft has said that it takes employee privacy seriously, but the leak suggests that the company needs to improve its data security practices.
Overall, the Microsoft AI data leak is a significant incident that raises concerns about data security and employee privacy. It is important for Microsoft to take steps to address these concerns and to prevent similar leaks from happening in the future.