Last Updated: September 19, 2023, 18:37 IST
Redmond, Washington State, USA
Microsoft has been hit with a major issue this week: its AI research team inadvertently leaked 38TB of data, including personal data belonging to Microsoft employees.
The leak was discovered by cybersecurity firm Wiz, and the worrying part is that the leaked data includes passwords to Microsoft services, secret keys, and more than 30,000 internal messages from the company's Teams account. Microsoft claims that no consumer data was compromised and that internal services were not put at risk.
The report says the link to the storage was included in a file published so that any researcher could download the data to train their own AI models; sharing the link itself was a deliberate decision by the company.
The link was created using a Microsoft Azure feature called SAS (Shared Access Signature) tokens, which lets users generate links to data in their Azure Storage account that can be shared with other people.
The problem is that Microsoft ended up sharing a link that granted access to the entire storage account rather than just the intended files, which is where the mistake lay. The team at Wiz reported the issue to Microsoft on June 22, and the company revoked the SAS token within 24 hours.
The data leak is a concern, but the company has stressed the need for care when creating such SAS tokens to avoid bigger mishaps in the future. Microsoft has since published best practices for using SAS tokens, and it is likely following those methods itself.
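To illustrate why scoping matters here, below is a minimal, standard-library-only sketch of how SAS-style tokens are signed. The function name, the demo account key, and the simplified "string-to-sign" are all illustrative assumptions, not Azure's actual format; the real Azure string-to-sign carries more fields, but the principle is the same: the resource path, permissions, and expiry are baked into the signature, so a token scoped to one blob cannot be reused against the whole account.

```python
import base64
import hashlib
import hmac

# Hypothetical account key for illustration only; real SAS tokens are
# signed with the storage account's secret key.
ACCOUNT_KEY = base64.b64encode(b"demo-account-key-not-real").decode()

def sign_sas(resource_path: str, permissions: str, expiry: str) -> str:
    """Sketch of SAS signing: an HMAC-SHA256 over a 'string-to-sign'
    that binds the token to a specific resource, permission set, and
    expiry time. (Azure's real string-to-sign has more fields.)"""
    string_to_sign = "\n".join([permissions, expiry, resource_path])
    key = base64.b64decode(ACCOUNT_KEY)
    sig = hmac.new(key, string_to_sign.encode(), hashlib.sha256).digest()
    return base64.b64encode(sig).decode()

expiry = "2030-01-01T00:00Z"

# Narrow token: read-only ("r"), one blob, fixed expiry.
narrow = sign_sas("/account/container/model.bin", "r", expiry)

# Broad token: the kind of over-scoped grant behind this leak --
# full permissions ("racwdl") over the entire account.
broad = sign_sas("/account/", "racwdl", expiry)

# Because path and permissions are part of the signed string, the
# narrow signature cannot authorize the broad scope.
assert narrow != broad
```

In practice, the fix Wiz and Microsoft both point to is the same idea: issue tokens for the narrowest resource, the fewest permissions, and the shortest expiry that will do the job (in the Azure Python SDK, for example, a per-blob token via `generate_blob_sas` with read-only permissions, rather than an account-level token).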
Microsoft is building a large repository of data to train various AI models, even as it leans on OpenAI's expertise with ChatGPT for its consumer and enterprise products. The AI chatbot is already available in the Microsoft Edge browser, Bing Search, and even Office.