Home ยป The Extravagant Encounter: Wiz Explores Microsoft’s Unveiled Cloud Storage Solution, a Silent Devotee for 2 Years, Aiding AI Training and Enabling Backup for 38TB of Employee Computers.

The Extravagant Encounter: Wiz Explores Microsoft’s Unveiled Cloud Storage Solution, a Silent Devotee for 2 Years, Aiding AI Training and Enabling Backup for 38TB of Employee Computers.

Wiz reports on the misconduct of Microsoft researchers who shared files through a link to Azure Blob for sharing machine learning training files. However, that link could access the storage bucket, resulting in the leakage of a significant number of unrelated files.

Within that bucket, there is a backup of data from two Microsoft employee computers. It contains important information such as secureshell login key files, git login files, and Azure ML login tokens. This data leak is not the usual token leak but a Shared Access Signature (SAS), a special link for easily sharing files. The main problem is that SAS is difficult to handle because there is no interface showing how many links have been created and whether the links have a valid expiration time. The only way to address this is to open logs for all storage to check for abnormal link usage.

Wiz discovered this link since mid-last year, and Microsoft closed it within two days after being notified. Wiz is waiting for an internal investigation into the impact and has therefore released this report.

TLDR: Microsoft researchers accidentally leaked a significant number of unrelated files due to a shared link that granted access to a storage bucket. This bucket also contained important login files, increasing the severity of the data breach. The leak was not a standard token leak, but a Shared Access Signature (SAS) link, which poses difficulties in monitoring and securing access. Wiz identified and reported the issue, prompting Microsoft to take immediate action.

More Reading

Post navigation

Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Government of the United States Alots Funds to Propel Open RAN Network Equipment Development, Enabling Interoperability Among Multiple Carriers

Android 13 QPR3 Beta 2 introduces a feature that enables users to conceal their screen while entering a PIN, safeguarding their device against potential snoopers

Enhanced Security: Proton VPN Renames and Revamps App Icons to Weather or Notes to Safeguard Mobile Privacy