The Extravagant Encounter: Wiz Explores Microsoft’s Unveiled Cloud Storage Solution, a Silent Devotee for 2 Years, Aiding AI Training and Enabling Backup for 38TB of Employee Computers.

Wiz reports on a mistake by Microsoft researchers who shared machine learning training files through a link to Azure Blob storage. That link, however, could access the storage bucket itself, resulting in the leak of a significant number of unrelated files.

Within that bucket was a backup of data from two Microsoft employee computers. It contains important information such as Secure Shell (SSH) login key files, git login files, and Azure ML login tokens. The leaked credential is not the usual token but a Shared Access Signature (SAS), a special link for easily sharing files. The main problem is that SAS links are difficult to manage: there is no interface showing how many links have been created or whether they have a valid expiration time. The only way to address this is to enable logging on all storage and check for abnormal link usage.
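As an added example (not code from Wiz or Microsoft), the following Python audits SAS URLs, for instance ones found while scanning a repository, for the properties described above as hard to track: expiry, permissions and scope. The 7-day lifetime limit, the account name and the sample URLs are assumptions constructed for illustration; `se`, `sp`, `sr`, `srt`, `si` and `sig` are standard SAS query parameters.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_LIFETIME = timedelta(days=7)   # assumed policy limit, not from the article
WRITE_PERMS = set("acwd")          # add, create, write, delete

# Constructed sample URLs (hypothetical account, placeholder signature).
SAMPLES = [
    "https://exampleaccount.blob.core.windows.net/models"
    "?sv=2020-08-04&sr=c&sp=racwdl&se=2040-01-01T00:00:00Z&sig=PLACEHOLDER",
    "https://exampleaccount.blob.core.windows.net/models/weights.bin"
    "?sv=2020-08-04&sr=b&sp=r&se=2023-09-02T00:00:00Z&sig=PLACEHOLDER",
]

def parse_expiry(value):
    """Parse the 'se' value (ISO 8601 UTC); return None if absent or malformed."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    return None

def audit_sas_url(url, now):
    """Return findings for one SAS URL; an empty list means nothing to flag."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q:
        return ["not a SAS URL (no sig parameter)"]
    findings = []
    expiry = parse_expiry(q.get("se", ""))
    if expiry is None:
        # With 'si' the expiry may live in a stored access policy on the server.
        findings.append("expiry set by stored access policy" if "si" in q
                        else "missing or unparseable expiry (se)")
    elif expiry - now > MAX_LIFETIME:
        findings.append(f"expires in {(expiry - now).days} days, over policy limit")
    risky = set(q.get("sp", "")) & WRITE_PERMS
    if risky:
        findings.append("write-class permissions: " + "".join(sorted(risky)))
    if "srt" in q:
        findings.append("account SAS (srt): scope is the whole storage account")
    elif q.get("sr") == "c":
        findings.append("container SAS (sr=c): every blob in it is reachable")
    return findings

if __name__ == "__main__":
    now = datetime(2023, 9, 1, tzinfo=timezone.utc)  # fixed clock for the sample
    for url in SAMPLES:
        print(url.split("?")[0], audit_sas_url(url, now) or "ok")
```

A check like this only covers links you can find; it does not replace the storage logging mentioned above, since issued SAS links are not listed anywhere.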

Wiz discovered this link in the middle of last year, and Microsoft closed it within two days of being notified. Wiz is waiting for an internal investigation into the impact and has therefore released this report.

TLDR: Microsoft researchers accidentally leaked a significant number of unrelated files due to a shared link that granted access to a storage bucket. This bucket also contained important login files, increasing the severity of the data breach. The leak was not a standard token leak, but a Shared Access Signature (SAS) link, which poses difficulties in monitoring and securing access. Wiz identified and reported the issue, prompting Microsoft to take immediate action.
