Microsoft Leaks 38TB of Private Data via Unsecured Azure Storage

Microsoft has confirmed that it leaked 38TB of private data via unsecured Azure storage. The data was exposed due to a misconfigured Shared Access Signature (SAS) token, which allowed anyone with the link to access the storage bucket. The exposed data included backups of employee workstation profiles, internal Microsoft Teams messages, and passwords to Microsoft services.
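An added example, not from the original article or from Microsoft: a small Python audit that parses the query string of a SAS URL and flags the properties that make a shared link risky (write-type permissions, broad scope, long lifetime). The 7-day lifetime limit, the set of permissions treated as risky, and both sample URLs are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Assumed policy for this example (not from the article).
MAX_LIFETIME = timedelta(days=7)
RISKY_PERMS = {"w": "write", "d": "delete", "a": "add", "c": "create"}

def _parse_time(value):
    # SAS times are ISO 8601 in UTC: date-only, or a timestamp ending in 'Z'.
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed.replace(tzinfo=timezone.utc)

def audit_sas_url(url, now=None):
    """Return a list of findings for one SAS URL; an empty list means none."""
    now = now or datetime.now(timezone.utc)
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q:
        return ["not a SAS URL (no sig parameter)"]
    findings = []
    perms = q.get("sp", "")  # signed permissions, e.g. "r" or "racwdl"
    risky = [name for flag, name in RISKY_PERMS.items() if flag in perms]
    if risky:
        findings.append("grants " + "/".join(risky) + " to anyone holding the link")
    if "srt" in q:  # srt only appears on account-level SAS tokens
        findings.append("account SAS: scope is the whole storage account")
    elif q.get("sr") == "c" and "l" in perms:
        findings.append("container scope with list: every blob is enumerable")
    if "se" not in q:
        findings.append("no expiry in URL: lifetime comes from a stored access policy")
    else:
        remaining = _parse_time(q["se"]) - now
        if remaining > MAX_LIFETIME:
            findings.append(f"valid for {remaining.days} more days (limit {MAX_LIFETIME.days})")
    return findings

# Constructed sample URLs; account, container and signature are placeholders.
BROAD = ("https://exampleaccount.blob.core.windows.net/models?sv=2020-08-04"
         "&sr=c&sp=racwdl&st=2020-07-20T00:00:00Z&se=2050-01-01T00:00:00Z&sig=PLACEHOLDER")
NARROW = ("https://exampleaccount.blob.core.windows.net/models/weights.bin"
          "?sv=2020-08-04&sr=b&sp=r&se=2023-06-23T00:00:00Z&sig=PLACEHOLDER")

if __name__ == "__main__":
    for sample in (BROAD, NARROW):
        print(sample.split("?")[0], audit_sas_url(sample) or "no findings")
```

Run it over URLs harvested from repositories, wikis and CI logs; any hit on a link that is published externally is a candidate for revoking the token and reissuing a read-only, short-lived one.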

Timeline of Events

  • July 2020: A Microsoft employee accidentally shared the URL for a misconfigured Azure Blob storage bucket containing the leaked information.
  • June 22, 2023: Security researchers from cloud security firm Wiz discovered the exposed data.
  • June 24, 2023: Wiz reported the leak to the Microsoft Security Response Center (MSRC).
  • July 7, 2023: Microsoft invalidated the SAS token and replaced it on the GitHub page where it was originally located.
  • September 7, 2023: Microsoft published a security blog post disclosing the incident.

What was exposed?

The exposed data included the following:

  • Backups of two former employees’ workstation profiles
  • Internal Microsoft Teams messages from 359 Microsoft employees
  • Passwords to Microsoft services
  • Secret keys

What impact did the leak have?

Microsoft has stated that no customer data was exposed in the leak. However, the exposed data could still be valuable to attackers, who could use it to target Microsoft employees or gain access to Microsoft systems.

What is Microsoft doing to prevent future leaks?

Microsoft has stated that it is taking steps to prevent future data leaks, including:

  • Reviewing its security policies and procedures
  • Implementing additional security measures for its cloud storage accounts
  • Providing training to its employees on data security best practices

Pointers

  • Microsoft has confirmed that it leaked 38TB of private data via unsecured Azure storage.
  • The data was exposed due to a misconfigured Shared Access Signature (SAS) token.
  • The exposed data included backups of employee workstation profiles, internal Microsoft Teams messages, and passwords to Microsoft services.
  • Microsoft has stated that no customer data was exposed in the leak.
  • Microsoft is taking steps to prevent future data leaks.

Conclusion

The Microsoft data leak is a reminder that even the largest and most successful companies are vulnerable to cyberattacks. It is important for all organizations to take steps to protect their data, including implementing strong security measures and training their employees on data security best practices.