This all happened during the release of an open data repository for education on GitHub. This was reported by cloud security startup Wiz.
Researchers at Wiz discovered that the storage URL in Azure is configured to provide access to the entire storage, not just public data for AI training.
This resulted in the exposure of 38TB of sensitive information, including two Microsoft employees’ personal computer backups and more than 30,000 internal messages in Microsoft Teams.
Even more concerning is that the URL is set to “full control” instead of “read-only”. This means anyone who knows where to look can remove, modify or embed potentially malicious content.
Note that Wiz employees had already shared the necessary information with Microsoft, and the company revoked the access token two days later.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
